[graylog2] View Dashboard Data

Hi, I have created dashboard with pi-chart, count and statistics. My question is if i click on a bar in histogram, will that show me there in some pop-up or any other way what are the logging messages associated with that bar? Please help me. Thanks, Sridhar -- You received this message

[graylog2] Re: Quick Values not working

Hi Steve, I changed the field name to something else (rcode). I am shipping my logs via GELF from a logstash processing instance so I edited my logstash config file to parse it as a different field name. -Bill On Friday, February 3, 2017 at 10:28:08 AM UTC-10, Steve Kuntz wrote: > > What did

[graylog2] Re: Monitoring Windows DHCP Server Activity

Okay, in order: 1. I'm using the OVA VM image from Graylog, so most of the configuration is already done. All I did was add a Connector with one nxlog input and one nxlog output, and then the GELF UDP input that the WinDHCP json created. The WinDHCP input is configured like this:

[graylog2] Re: Quick Values not working

What did you change in the name to make it work? On Friday, February 3, 2017 at 12:39:56 PM UTC-5, Bill Murrin wrote: > > I also starting receiving errors for a Quick values on a field named > "status_code"; I only noticed it after the upgrade to 2.1.3. I changed the > name to something else

Re: [graylog2] Graylog build and package

I tired to create rpm with > mvn rpm:rpm -X build it failed with below error I am not seeing any spec file also no instruction to create RPM in main POM.xml, someone please help to understand how the RPM works here [INFO] Reactor Summary: [INFO] [INFO] Graylog Parent POM

[graylog2] Re: Problem Graylog upgrade from 2.1.2 to 2.1.3 - API

Hummm, Maybe, that's the problem! Thank you Jochen. On Friday, February 3, 2017 at 4:18:55 PM UTC-2, Jochen Schalanda wrote: > > Hi César, > > make sure to use only plugins in a compatible version. > > For example the Threat Intelligence Plugin for Graylog is currently not > compatible

[graylog2] Re: Quick Values not working

Unfortunately not, it's the only log message that shows when trying to do a quick value on the field. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[graylog2] Re: Problem Graylog upgrade from 2.1.2 to 2.1.3 - API

Hi César, make sure to use only plugins in a compatible version. For example the Threat Intelligence Plugin for Graylog is currently not compatible with Graylog 2.1.3. Cheers, Jochen On Friday, 3 February 2017 18:08:43 UTC+1, CESAR Fabre wrote: > > Hi, > > I'm trying the upgrade from 2.1.2 to

[graylog2] Re: Quick Values not working

Hi Steve, On Friday, 3 February 2017 18:05:26 UTC+1, Steve Kuntz wrote: > > There is an error in the graylog.log > > WARN [SearchResource] Unable to execute search: [reduce] > Is there more context around that warning message? Cheers, Jochen -- You received this message because you are

[graylog2] Re: Quick Values not working

Same here but I wasn't sure it was related to the update. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this

[graylog2] Re: Quick Values not working

I also starting receiving errors for a Quick values on a field named "status_code"; I only noticed it after the upgrade to 2.1.3. I changed the name to something else and everything starting working again. I am converting this field to an integer and was doing a search on if the field value

[graylog2] Problem Graylog upgrade from 2.1.2 to 2.1.3 - API

Hi, I'm trying the upgrade from 2.1.2 to 2.1.3 on CentOS 7 but I had some problems. Follows the popup that appears frequently after upgrade. Server currently unavailable We are experiencing problems connecting to the Graylog server running on http://192.168.10.5:9000/api. Please verify that

[graylog2] Re: Quick Values not working

There is an error in the graylog.log WARN [SearchResource] Unable to execute search: [reduce] Any and All help is appreciated. On Friday, February 3, 2017 at 11:59:34 AM UTC-5, Steve Kuntz wrote: > > Also Field Statistics and Generate Chart work on this same data set as > well and I think

[graylog2] Re: Quick Values not working

As a test my search is _exists_:http_response_code AND http_response_code:[200 TO 503] And I"m still getting the same error. On Friday, February 3, 2017 at 10:53:04 AM UTC-5, Jochen Schalanda wrote: > > Hi Steve, > > the "quick values" functionality only works if the field is numeric in all >

[graylog2] Re: Quick Values not working

Hi Steve, the "quick values" functionality only works if the field is numeric in all messages of the queried time range. If there are some non-numeric values for that message field within the queried time range, you'll receive the error message you've already mentioned. Cheers, Jochen On

Re: [graylog2] Re: Indices and edit Extractor page timing out

Currently each index is ~10-15G and spans ~10-15 minutes doing this would make my indices huge and I'm guessing slower to search. On Fri, Feb 3, 2017 at 10:51 AM, Jochen Schalanda wrote: > Hi Steve, > > On Friday, 3 February 2017 16:03:04 UTC+1, Steve Kuntz wrote: >> >>

[graylog2] Re: Indices and edit Extractor page timing out

Currently each index is ~10-15G and spans ~10-15 minutes doing this would make my indices huge and I'm guessing slower to search. On Friday, February 3, 2017 at 10:51:25 AM UTC-5, Jochen Schalanda wrote: > > Hi Steve, > > On Friday, 3 February 2017 16:03:04 UTC+1, Steve Kuntz wrote: >> >>

[graylog2] Re: Indices and edit Extractor page timing out

Hi Steve, On Friday, 3 February 2017 16:03:04 UTC+1, Steve Kuntz wrote: > > Thanks, I guess I'll wait until 2.2. I need 2 weeks of archive and my > settings are keeping about 2100 indices @20,000,000 messages per index, > which is about 2 weeks for me. > Have you thought about using a

[graylog2] Quick Values not working

I'm having a new issue getting quick values since I modified some fields. This is just to get the HTTP status codes but there is some issue. All values are being converted to numeric but I'm getting an error. I've attached the error and the stats to show what the data is. -- You received this

[graylog2] Re: Indices and edit Extractor page timing out

Thanks, I guess I'll wait until 2.2. I need 2 weeks of archive and my settings are keeping about 2100 indices @20,000,000 messages per index, which is about 2 weeks for me. On Friday, February 3, 2017 at 4:14:11 AM UTC-5, Jochen Schalanda wrote: > > Hi Steve, > > the issue with the extractor

[graylog2] Re: Custom GrayLog Web Plugin Error "Cannot read property 'call' of undefined"

Hi Bill, On Friday, 3 February 2017 13:00:19 UTC+1, Bill Murrin wrote: > > Any assistance you can provide would be appreciated. Here is a link to the > plugin to see if you guys might be able to help me figure out what is > causing it. Once we figure this out, I plan on sharing the plugin on

[graylog2] Re: Custom GrayLog Web Plugin Error "Cannot read property 'call' of undefined"

I managed to get all of the features working for QuickValuesPlus plugin and it works perfectly in the web-dev environment using GrayLog 2.1.3. However, when I build the JAR for the plugin (mvn package) using 2.1.3 it BUILDS successfully, but after I add the plugin to Graylog and restart it, I

[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

Hi Jochen, Always both ElasticSearch nodes are using 900 MB of 2GB RAM... but I will try it with 4GB if it is necessary. Thanks ;) El viernes, 3 de febrero de 2017, 10:07:57 (UTC+1), Jochen Schalanda escribió: > > Hi Aitor, > > as I already mentioned, your ES cluster doesn't have enough

[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

Hi Thank you very much it is good rest_transport_uri which(who) was badly configured =) I already have try to configure him(it) but in vain Meric very once again In the next one Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To

[graylog2] Re: Monitoring Windows DHCP Server Activity

Hi Rob, How did you configure Graylog? Which inputs did you create and how did you configure them? How did you configure the Graylog Collector Sidecar and what's the generated nxlog configuration? Cheers, Jochen On Thursday, 2 February 2017 23:30:20 UTC+1, Rob Repp wrote: > > I set up a

[graylog2] Re: Indices and edit Extractor page timing out

Hi Steve, the issue with the extractor page might have been fixed in Graylog 2.2.0, see https://github.com/Graylog2/graylog2-server/issues/3366 for the related GitHub issue. Cheers, Jochen On Thursday, 2 February 2017 21:56:32 UTC+1, Steve Kuntz wrote: > > Hi > > This is still a big issue for

[graylog2] Re: Indices and edit Extractor page timing out

Hi Steve, I haven't seen that behavior personally, but I wouldn't rule out that it can happen with a large number of indices. Please think about reducing the number of open indices in your system, either by closing them (System / Indices page) or by archiving them, for example with the

[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

Hi Giwenn, On Friday, 3 February 2017 10:04:51 UTC+1, Giwenn Launay wrote: > > It's good? > As long as you're using serv-XXX-log-2.XXX.XXX.com in your rest_transport_uri setting, it should be fine. Cheers, Jochen -- You received this message because you are subscribed to the Google Groups

[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

Hi Aitor, as I already mentioned, your ES cluster doesn't have enough hardware resources to keep up with the data ingestion from Graylog. Assign at least 4 GiB of memory for each Elasticsearch node. Cheers, Jochen On Friday, 3 February 2017 08:05:27 UTC+1, Aitor Mendoza wrote: > > Hello

[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

And this is what I puts when I to create my certificate: Country Name (2 letter code) [XX]:FR State or Province Name (full name) []:France Locality Name (eg, city) [Default City]:XXX Organization Name (eg, company) [Default Company Ltd]: Organizational Unit Name (eg, section) []:Info Common

[graylog2] Re: Unable to connect elastic search

Hi Sridhar, 127.0.0.1 is the loopback address, which means that it's only accessible from the very same machine. If you're trying to create an Elasticsearch cluster, you have to use a public IP address of all affected nodes. See

[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

Hi, I have already tried with a different common name ex: serv-XX-log-2. XXX.XXX.com but always the same error. On the other hand when I created my certificate, he does not ask me to inform the field AltSubjName, it is normal? Cheers, Giwenn -- You received this message because you are