Hi,
we use Graylog 2.1.2 with the apache-gelf module from the marketplace.
If we try to search "Googlebot" in this string (type agent:)
agent = (Original Message) : "Mozilla/5.0 (compatible; Googlebot/2.1;
+http://www.google.com/bot.html)"
1. Search = Input AND agent:*Googlebot* = result
Hi Frank,
thanks for the update!
Cheers,
Jochen
Hi Paweł,
as a matter of fact, everything is correct, except for your configuration.
The transport_address attribute in the output of GET
/api/system/cluster/nodes shows that both nodes are using
http://127.0.0.1:9000/api/ as their transport address.
This address can be configured with the
Hi Anderson,
On Monday, 13 February 2017 14:25:29 UTC+1, Anderson Gabriel wrote:
>
> Hello, the timestamp is the same. But the ID is different
>
This means that these identical messages have been sent to Graylog multiple
times and that Graylog doesn't duplicate them.
Are you sure that Logstash
Hello, the timestamp is the same. But the ID is different
On Tuesday, 6 December 2016 14:31:37 UTC-2, Jochen Schalanda wrote:
>
> Hi Anderson,
>
> do all "duplicated" messages have the same timestamp and the same message
> ID or are they different?
>
> Cheers,
> Jochen
>
> On
Thanks Jochen!
I switched the puppet-config for
"elasticsearch_discovery_zen_ping_unicast_hosts" from Array to String.
Denny
On Monday, 13 February 2017 10:42:40 UTC+1, Jochen Schalanda wrote:
>
> Hi Denny,
>
> it looks like the elasticsearch_discovery_zen_ping_unicast_hosts setting
> is
Hi Denny,
it looks like the elasticsearch_discovery_zen_ping_unicast_hosts setting is
wrong. Please refer to
http://docs.graylog.org/en/2.2/pages/configuration/elasticsearch.html#network-setup
for details.
Cheers,
Jochen
On Monday, 13 February 2017 10:23:18 UTC+1, Denny Gebel wrote:
>
> Hi
Hi Grayloggers,
I have a working 1.3.4 multi-server setup which needs to be upgraded.
I've installed a new test environment with Graylog 2.1.2 on CentOS 7 (no
firewall enabled, SELinux off):
3 VMs with Graylog (2.1.2) and MongoDB (2.6.12) + 3 VMs ES (2.4.4).
ES-Cluster is running fine, as well
Hi,
please upgrade to Graylog 2.2.0, which supports your use case via a default
stream containing all messages.
Cheers,
Jochen
On Friday, 10 February 2017 17:51:05 UTC+1, dhe...@gmail.com wrote:
>
> I've added LDAP auth to Graylog 2.1.0-SNAPSHOT and assigned "Allow
> Reading" roles to all my
Hi Rui,
the timestamp field has to contain a valid date value, not a string that
looks like a date.
You can use the message processing pipeline or the date extractor for this:
http://docs.graylog.org/en/2.2/pages/extractors.html#normalization
http://docs.graylog.org/en/2.2/pages/pipelines.html
Hi Matthew,
On Friday, 10 February 2017 00:51:57 UTC+1, Matthew Shapiro wrote:
>
> Does Graylog have any detection of duplicate messages to overwrite, and if
> not is there any way to force an id on a message via an extractor?
>
No, Graylog doesn't support de-duplication of messages and
Hi Rob,
the Graylog Collector Sidecar simply configures and starts the actual
collectors (Filebeat or nxlog), so you'll have to check with their docs if
that's possible:
https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html
https://www.elastic.co/guide/en/beats/filebeat/current/index.html
Hi
the best way is to parse messages one by one
Cheers
Anas
On Friday, 6 February 2015 11:41:14 UTC+1, VANTIN Dao wrote:
>
> Hello,
> I use Graylog2 with Rsyslog and when my pfSense sends logs to my Graylog2 I
> can't read the log then I download your extractor for pfsense on your
> website
Hi
I use GROK to parse everything, try this:
%{WORD:program}%{NOTSPACE}: %{IPV4:IPClient}:%{NOTSPACE:PORT}
\[%{WORD:User}\]
I track daily connections as follows,
Hi,
please refer to
http://docs.graylog.org/en/2.2/pages/installation/operating_system_packages.html#rpm-yum-dnf
for the relevant information.
Cheers,
Jochen
On Friday, 10 February 2017 17:24:55 UTC+1, bernadet...@wavestrike.com
wrote:
>
> I need to create RPMs for CENTOS 6 (eventually
Hi,
please elaborate on your use case.
In general, we always recommend running the latest stable version of
Graylog (which is Graylog 2.2.0 at the time of writing).
Cheers,
Jochen
On Friday, 10 February 2017 17:24:17 UTC+1, bernadet...@wavestrike.com
wrote:
>
> we are using an older version of
Hi Wallace,
are there any error messages in the logs of your Graylog node or in the
Developer console of your web browser?
Which web browser are you using?
Cheers,
Jochen
On Friday, 10 February 2017 04:17:25 UTC+1, Wallace Turner wrote:
>
> my (latest) Graylog installation is missing the