[graylog2] Re: Does sidecar/filebeat support recursive subfolders specified by '*'

2017-01-19 Thread Jochen Schalanda
Hi Evgueni, On Thursday, 19 January 2017 23:04:39 UTC+1, Evgueni Gordienko wrote: > > Does sidecar/filebeat support recursive subfolders specified by '*'? > Yes, Filebeat supports globs: https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html#_paths Cheers,

[graylog2] Re: large searches kill ES - can graylog stop this?

2017-01-19 Thread Jerri Son
Hi Jochen, just went through the whole IRC history and didn't see anything relating to my case...I didn't post anything about my indices as well (despite on java GC message) and a screenshot of JVM stats, so I kinda wonder how we got to the conclusion that my timestamps are messed up (which

[graylog2] Re: Event Log stream rules

2017-01-19 Thread Jochen Schalanda
Hi Chris, On Thursday, 19 January 2017 21:19:44 UTC+1, chrispro wrote: > > Are there any ready-to-use stream rules? > Check out the Graylog Marketplace: https://marketplace.graylog.org/ Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog

Re: [graylog2] Re: large searches kill ES - can graylog stop this?

2017-01-19 Thread Jochen Schalanda
Hi Jerri, On Thursday, 19 January 2017 19:42:28 UTC+1, Jerri Son wrote: > > I must have missed that part in IRC, so sorry!! > I have to apologize, I think I've mixed that up with another user: https://botbot.me/freenode/graylog/2017-01-17/?msg=79493791=2 Cheers, Jochen -- You received this

Re: [graylog2] Re: Can't open web console on host IP

2017-01-19 Thread Jason Fuller
Sorry - typo - the actual values are both matching IP's. rest_listen_uri = http://10.10.0.64:9000/api/ rest_transport_uri = http://10.10.0.64:9000/api/ On Fri, Jan 20, 2017 at 9:49 AM, Jason Fuller wrote: > Hi Jochen, > > Yes, I'm sure.

Re: [graylog2] Re: Can't open web console on host IP

2017-01-19 Thread Jason Fuller
Hi Jochen, Yes, I'm sure. I'm on a standard internal network with one external public IP. I'm in Asia, not Switzerland. No proxy. [root@server]# curl http://ipecho.net/plain; echo; 203.xxx.xxx.xxx Also: rest_listen_uri = http://10.10.0.64:9000/api/ rest_transport_uri =

[graylog2] Does sidecar/filebeat support recursive subfolders specified by '*'

2017-01-19 Thread Evgueni Gordienko
Does sidecar/filebeat support recursive subfolders specified by '*'? I mean if we have structure /var/log/dir1/dir2/ and /var/log/dir1/ and specify log pattern in collector input like /var/log/dir1/* then will the logs2 files from /var/log/dir1/dir2/ be collected? Thanks, Eugene -- You

[graylog2] Event Log stream rules

2017-01-19 Thread chrispro
All, I'm sending events in GELF format to graylog. Are there any ready-to-use stream rules? Especially, I'd like to know if there were any login attempts at night. Furthermore if there were any consecutive failed logins. Thank you in advance. - Chris -- You received this message because

[graylog2] Manipulating pipelines via REST API by non-admin user in Graylog 2.1.2

2017-01-19 Thread Henri Volotinen
Hey, I have coded a Python script that creates a pipeline rule, and adds that rule to a pipeline stage via Graylog's REST API. This works perfectly fine when using the built-in admin user that has all the access rights to the REST API. But I wonder, what permissions do I need to grant to a

Re: [graylog2] Re: large searches kill ES - can graylog stop this?

2017-01-19 Thread Andre Keller
Hi Jochen, I must have missed that part in IRC, so sorry!! But thank you for pointing me in the right direction - I'll definitely have a look at our time stamps. It just might be that rsyslog reformats our timestamps. So I wonder if I can just override all incoming timestamps for each and any

[graylog2] Re: Enter Server Variable for Callback email alert

2017-01-19 Thread Jochen Schalanda
Hi Ciaran, On Thursday, 19 January 2017 17:26:23 UTC+1, Ciaran Boyle wrote: > > So this is obviously wrong - Server: ${message.fields.source}, I get > that. Can you pose an example of how I would enter the "message.source" > As I described before, there is no single message object when the

[graylog2] Re: Enter Server Variable for Callback email alert

2017-01-19 Thread Jochen Schalanda
Hi Ciaran, I will simply quote from my reply on GitHub: https://github.com/Graylog2/graylog2-server/issues/3392#issuecomment-273806544 There is no global message object but always a collection of messages which you have to iterate over (like shown on the bottom of the template and described

[graylog2] Enter Server Variable for Callback email alert

2017-01-19 Thread Ciaran Boyle
I am trying to get the source (server in this case) to show when I receive an alert, but the alert has an empty field. The Call back details are below: ## Alert Description: ${check_result.resultDescription} Date: ${check_result.triggeredAt} Stream ID: ${stream.id} Server:

[graylog2] Re: large searches kill ES - can graylog stop this?

2017-01-19 Thread Jochen Schalanda
Hi Jerri, On Thursday, 19 January 2017 16:05:52 UTC+1, Jerri Son wrote: > > More specifically it doesn't matter how small the time frame was in my > case - as soon > as I used "quick values" on any number of messages (in my case 18 messages, > timespan 10 seconds) I made graylog/ES crash with

[graylog2] Re: large searches kill ES - can graylog stop this?

2017-01-19 Thread Jerri Son
I'll chime in here since I just encountered that exact problem. More specifically it doesn't matter how small the time frame was in my case - as soon as I used "quick values" on any number of messages (in my case 18 messages, timespan 10 seconds) I made graylog/ES crash with messages like

[graylog2] Re: Windows RAW/Plaintext input, parsing/extractor Question

2017-01-19 Thread darknetone
I have them set to not cook the data so I get raw text out, my question is this, Has anyone built an extractor or parser to deal with Windows output as raw/plaintext? And I ask this because there are plenty of non-RAW data options, however I need to use the Splunk UF which means I am stuck with RAW

Re: [graylog2] Re: Can't open web console on host IP

2017-01-19 Thread Jochen Schalanda
Hi Jason, On Thursday, 19 January 2017 14:50:15 UTC+1, JayJay wrote: > > I'm past the logon issues now, however, when I go to set up an input, and > tell it which node, it's only giving me an option for an externally > connected IP - 141.8.225.xx > This is the IP address automatically detected

Re: [graylog2] Re: Can't open web console on host IP

2017-01-19 Thread Jason Fuller
Hi Jochen, thank you for your reply. I'm past the logon issues now, however, when I go to set up an input, and tell it which node, it's only giving me an option for an externally connected IP - 141.8.225.xx But I only have this setup in an internal network, no external IP binding. And that IP is

Re: [graylog2] Re: Can't open web console on host IP

2017-01-19 Thread Jochen Schalanda
Hi Jason, On Thursday, 19 January 2017 10:45:40 UTC+1, JayJay wrote: > > When I tried to go to :9000 (as setup in the web_listen_uri) it > would not respond. > What does "would not respond" mean exactly? Does it time out? Does it refuse connections? Does the web browser show errors in its

Re: [graylog2] Re: Can't open web console on host IP

2017-01-19 Thread Jason Fuller
Hi Jochen, Thanks for the links. I did setup those variables, but let me explain what I found: When I tried to go to :9000 (as setup in the web_listen_uri) it would not respond. When I tried wrote: > Hi, > > On Thursday, 19 January 2017 03:33:26 UTC+1, JayJay wrote: >> >> So does that mean we

[graylog2] Re: Which is the latest stable graylog version?

2017-01-19 Thread Jochen Schalanda
Hi Lecko, On Thursday, 19 January 2017 10:33:53 UTC+1, leck...@gmail.com wrote: > > But in the Graylog GUI, I get message: > > "The most recent stable Graylog version is *2.1.1 (Smuttynose) released > at 2016-09-14"* > The latest stable version is currently Graylog 2.1.2 (soon to be replaced

[graylog2] Re: Graylog Processing

2017-01-19 Thread Jochen Schalanda
Hi Peter, On Thursday, 19 January 2017 10:26:15 UTC+1, Peter Griggs wrote: > > I have two graylog instances setup (these are separate on separate sites) > one works fine the other is a mirror setup however the processing is not > working. > What does "is not working" mean exactly? Are there

[graylog2] Which is the latest stable graylog version?

2017-01-19 Thread leckozol
Hello, I am running version v2.0.1 I am thinking about upgrade, to not be too much behind latest versions. But to which version to upgrade ? On the download page of graylog, the latest version mentioned is graylog 2.1.2

[graylog2] Graylog Processing

2017-01-19 Thread 'Peter Griggs' via Graylog Users
Hello, I have two graylog instances setup (these are separate on separate sites) one works fine the other is a mirror setup however the processing is not working. This is to extract snort alerts from the syslog message and put into the fields however it just isn't doing this. Has anyone

Re: [graylog2] Re: Can't open web console on host IP

2017-01-19 Thread Jochen Schalanda
Hi, On Thursday, 19 January 2017 03:33:26 UTC+1, JayJay wrote: > > So does that mean we can not access GrayLog from anywhere outside the > localhost? It is a web services, after all... > Sure you can, there's a configuration file, after all…

[graylog2] Re: Embedded elastic search plugin

2017-01-19 Thread Jochen Schalanda
Hi, On Wednesday, 18 January 2017 17:54:31 UTC+1, Hyder wrote: > > Do I need to setup another cluster to prevent data-loss? What are the best > practices? > Graylog simply doesn't support running Elasticsearch plugins in its embedded instance, so if you want to use the Elastic Shield plugin or