[graylog2] Re: buglet: broken link http://info.graylog.org/marketplace-requests

2017-02-06 Thread Jochen Schalanda
Hi Jason, the link http://info.graylog.org/marketplace-requests shows a contact form for me:

[graylog2] Re: Monitoring Windows DHCP Server Activity

2017-02-06 Thread Jochen Schalanda
Hi Rob, this sounds like either there is simply no new content in the files you've configured nxlog to watch, or that the file pattern is wrong. Try using another File pattern in the nxlog im_file input or switch to Filebeat. Cheers, Jochen On Monday, 6 February 2017 23:22:59 UTC+1, Rob Repp w

[graylog2] buglet: broken link http://info.graylog.org/marketplace-requests

2017-02-06 Thread Jason Haar
Hi there I just did a search on the marketplace for Azure related plugins and found nothing. There was a link saying "Sorry, nothing matches your query. Not found what you are looking for? Let us know what you'd like to see in the Marketplace!" But the link goes nowhere http://info.graylog.org

[graylog2] Re: Monitoring Windows DHCP Server Activity

2017-02-06 Thread Rob Repp
Okay, I did a packet capture that's showing traffic between the two boxes. There seems to be the Graylog host sending a json of the nxlog.conf config data to the DHCP server once every four seconds or so, and the DHCP server sending back HTTP requests on port 9000. None of the exchanges look lik

[graylog2] Logging of Graylog-Server to Syslog

2017-02-06 Thread Frank Engler
Hi, I'm trying to log messages from graylog-server to a syslog listener. But log4j included in graylog-server package does not send any message to the listener. A test with a Socket Appender seems to work fine, nc -klp 9500 127.0.0.1 outputs a lot of garbage:

[graylog2] help regex message

2017-02-06 Thread Rafael Pereira Silva
Hello, I need help in regex logstash. Mount a regex to get this line: *[13:24:20.118] [ERROR] [qtp1817789863-23] [c.c.c.v.h.ControllerExceptionHandler] : Uncaught Exception: {}* I tried use: ^\[(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])]\s+(\[%{WORD:loglevel}\]) However, I jus

[graylog2] Re: SysLog-udp traffic ignored from tomcat

2017-02-06 Thread alaa barqawi
Hi Jochen The issue was in timezone on the graylog server after sync it with all production servers, issue got fixed Regards

[graylog2] Azure Metrics alerts to Graylog

2017-02-06 Thread Pablo Daniel Estigarribia Davyt
Hello, Has anyone used https://docs.microsoft.com/en-us/azure/monitoring https://teams.upm.com/sites/urudata/databases/Bases%20de%20datos%20de%20informacin%20infraestructura/IT-Infra_URY/Infra/Monitoring.one#Azure%20metric%20alerts&section-id={D5121F26-272A-4BEA-83C7-3E9B62BB1065}&page-id={4B24A74E

[graylog2] Re: Monitoring Windows DHCP Server Activity

2017-02-06 Thread Jochen Schalanda
Hi Rob, since the configuration doesn't show any obvious errors, please use Wireshark or a similar tool like tcpdump to check if the log messages from nxlog are sent to the correct host and if the UDP packets actually arrive at the Graylog GELF UDP input. Cheers, Jochen On Monday, 6 February

[graylog2] Re: Monitoring Windows DHCP Server Activity

2017-02-06 Thread Rob Repp
The traffic is not being blocked. There's no firewall on either machine, and the network path is unobstructed. Further, the Collector status for that Collector is showing green, with Backend "Nxlog: running." It looks like it's connected and responsive. It's just that there never seem to be any

[graylog2] Re: Graylog server always collect expired logs, these logs are generated long before , and now the switch has no such logs.

2017-02-06 Thread Jochen Schalanda
Hi, On Monday, 6 February 2017 12:16:12 UTC+1, ql.w...@163.com wrote: > > I have stopped input, the graylog should not receive all logs, BUT the > abnormal message can be received as before. > Please verify with Wireshark or tcpdump, that these messages are indeed being received by Graylog or

Re: [graylog2] Re: OutOfMemoryError for Beats plugin

2017-02-06 Thread Jochen Schalanda
Hi Richard, depending on the number and size of messages, 512 MiB of heap memory might be too little for Graylog 2.1.x. Please assign at least 1 GiB of heap memory using the -Xms and -Xmx JVM parameters. On a side note, the OutOfMemoryError occurring in the code of the Beats plugin doesn't ne

Re: [graylog2] Re: OutOfMemoryError for Beats plugin

2017-02-06 Thread Richard S. Westmoreland
2.1, it is the Beats Input that came with that version of GL, 2G ram 1 core, 512mb assigned to heap. > On Feb 6, 2017, at 5:35 PM, Jochen Schalanda wrote: > > Hi Richard, > > Which version of the Graylog Beats plugin are you using? > Which version of Graylog are you using? > What are the hard

[graylog2] Re: json array parsing issue with logstash

2017-02-06 Thread Jochen Schalanda
Hi Akshay, I'd recommend starting over with a blank "filter" section in your Logstash configuration and build up on working blocks. For example your "gsub" filter looks just strange. For further questions about Logstash, please post to https://discuss.elastic.co/c/logstash. Cheers, Jochen On

[graylog2] Re: Graylog server always collect expired logs, these logs are generated long before , and now the switch has no such logs.

2017-02-06 Thread ql . wayne
Hi, I have stopped input, the graylog should not receive all logs, BUT the abnormal message can be received as before. On Monday, 6 February 2017 at 6:40:50 PM UTC+8, Jochen Schalanda wrote: > > Hi, > > are you sure that these messages are ingested right now and don't simply > have a timestamp "in the future" (e.

[graylog2] Re: json array parsing issue with logstash

2017-02-06 Thread Akshay Agarwal
Hi Jochen, I had gone through the link that you have provided. Previously, I have tried the configuration mentioned in that link. But in that as well I was getting the same issue. On Monday, February 6, 2017 at 3:08:27 PM UTC+5:30, Jochen Schalanda wrote: > > Hi Akshay, > > you can use the Log

[graylog2] Re: Graylog server always collect expired logs, these logs are generated long before , and now the switch has no such logs.

2017-02-06 Thread Jochen Schalanda
Hi, are you sure that these messages are ingested right now and don't simply have a timestamp "in the future" (e. g. because of timezone issues) and have been ingested some hours ago? Cheers, Jochen On Monday, 6 February 2017 11:17:19 UTC+1, ql.w...@163.com wrote: > > Hi, > This messages shows

[graylog2] Re: Graylog server always collect expired logs, these logs are generated long before , and now the switch has no such logs.

2017-02-06 Thread ql . wayne
Hi, This messages shows received by deleted input on 0de4fb00 / Unknown, as shown in FIG: But the normal messages shows receive

[graylog2] Re: Problem Graylog upgrade from 2.1.2 to 2.1.3 - API

2017-02-06 Thread Jochen Schalanda
Hi Yiannis, please make sure to clear your browser cache. On Monday, 6 February 2017 11:00:17 UTC+1, Yiannis wrote: > > Where can i find a list of compatible plugins with graylog 2.1.3 ? > To be quite frank, there is none. You'll have to check that for every plugin yourself (and maybe share you

[graylog2] Re: Problem Graylog upgrade from 2.1.2 to 2.1.3 - API

2017-02-06 Thread Yiannis
Hi all having the same problem with the following list of plugins graylog-plugin-beats-1.1.5.jar graylog-plugin-collector-1.1.3.jar graylog-plugin-enterprise-integration-1.1.3.jar graylog-plugin-map-widget-1.1.3.jar graylog-plugin-pipeline-processor-1.1.3.jar usage-statistics-2.1.3.jar Where can

[graylog2] Re: Nodes with too long GC pauses

2017-02-06 Thread Jochen Schalanda
Hi Nitzan, you've configured a very high number of processbuffer_processors and outputbuffer_processors in your Graylog configuration which is usually counterproductive. Please revert to the default values and only increase these values very conservatively. Cheers, Jochen On Sunday, 5 February 2

[graylog2] Re: Field histogram query failed. Make sure that field [HTTP_CODE_V2] is a numeric type.

2017-02-06 Thread Jochen Schalanda
Hi Vojtech, how exactly did you configure Graylog to extract the data you want from these messages? Also make sure that there are no old messages in your query time range which have a non-numeric value in the relevant fields. Cheers, Jochen On Sunday, 5 February 2017 16:40:19 UTC+1, Vojtech V

[graylog2] Re: json array parsing issue with logstash

2017-02-06 Thread Jochen Schalanda
Hi Akshay, you can use the Logstash split filter to split your message into individual events by splitting by the "data" field. See https://www.elastic.co/guide/en/logstash/current/plugins-filters-split.html for details. If you need more help with Logstash, please post to https://discuss.elas

[graylog2] Re: SysLog-udp traffic ignored from tomcat

2017-02-06 Thread Jochen Schalanda
Hi Alaa, On Sunday, 5 February 2017 17:50:04 UTC+1, alaa barqawi wrote: > > i added SYSLOG appender in *logback.xml * > Just FYI, there are also GELF appenders for Logback which can be used to send messages directly to Graylog: https://marketplace.graylog.org/addons?tag=logback > also if t

[graylog2] Re: Graylog server always collect expired logs, these logs are generated long before , and now the switch has no such logs.

2017-02-06 Thread Jochen Schalanda
Hi, when you click on one of these messages, you can see on which input they were received next to the "Received by" field. Once you have identified the input, you can use tools like Wireshark, tcpdump, or simply lsof to identify where these messages come from. Cheers, Jochen On Monday, 6 Fe

[graylog2] Re: RDBMS plugin on marketplace

2017-02-06 Thread Jochen Schalanda
Hi Richard, from looking at the plugin source code, it seems like it was written for Graylog 1.3.x, so it's not given that it will work with Graylog 2.x. Have you considered opening a bug report at https://github.com/wizecore/graylog2-output-jdbc/issues? Cheers, Jochen On Monday, 6 February 2

[graylog2] Re: OutOfMemoryError for Beats plugin

2017-02-06 Thread Jochen Schalanda
Hi Richard, Which version of the Graylog Beats plugin are you using? Which version of Graylog are you using? What are the hardware specs of the machine(s) running Graylog? Cheers, Jochen On Monday, 6 February 2017 09:03:09 UTC+1, Richard S. Westmoreland wrote: > > I'm getting this error in my se

[graylog2] OutOfMemoryError for Beats plugin

2017-02-06 Thread Richard S. Westmoreland
I'm getting this error in my server.log: 2017-02-06T07:55:17.016Z ERROR [NettyTransport] Error in Input [Beats/58785c6a57fe51420e73e1ea] (channel [id: 0x8183ee45, /127.0.0.1:52554 :> /127.0.0.1:5051]) *java.lang.OutOfMemoryError: Java heap space* at org.graylog.plugins.beats.BeatsFrameD