[graylog2] can not search googlebot

2017-02-13 Thread celtar
Hi, we use Graylog 2.1.2 with the apache-gelf module from the marketplace. If we try to search for "Googlebot" in this string (type agent:), agent = (Original Message): "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

1. Search = Input AND agent:*Googlebot* = result

[graylog2] Re: Logging of Graylog-Server to Syslog

2017-02-13 Thread Jochen Schalanda
Hi Frank, thanks for the update! Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this

[graylog2] Re: Incorrect Graylog Cluster details

2017-02-13 Thread Jochen Schalanda
Hi Paweł, as a matter of fact, everything is correct except for your configuration. The transport_address attribute in the output of GET /api/system/cluster/nodes shows that both nodes are using http://127.0.0.1:9000/api/ as their transport address. This address can be configured with the

[graylog2] Re: HELP-ME Duplications mensages

2017-02-13 Thread Jochen Schalanda
Hi Anderson,

On Monday, 13 February 2017 14:25:29 UTC+1, Anderson Gabriel wrote:
> Hello, the timestamp is the same. But the ID is different.

This means that these identical messages have been sent to Graylog multiple times and that Graylog doesn't duplicate them. Are you sure that Logstash

[graylog2] Re: HELP-ME Duplications mensages

2017-02-13 Thread Anderson Gabriel
Hello, the timestamp is the same. But the ID is different.

On Tuesday, 6 December 2016 14:31:37 UTC-2, Jochen Schalanda wrote:
> Hi Anderson,
>
> do all "duplicated" messages have the same timestamp and the same message ID or are they different?
>
> Cheers,
> Jochen
>
> On

[graylog2] Re: fresh install of graylog 2.1.2 -> can't get it running

2017-02-13 Thread Denny Gebel
Thanks Jochen! I switched the Puppet config for "elasticsearch_discovery_zen_ping_unicast_hosts" from Array to String.

Denny

On Monday, 13 February 2017 10:42:40 UTC+1, Jochen Schalanda wrote:
> Hi Denny,
>
> it looks like the elasticsearch_discovery_zen_ping_unicast_hosts setting is

[graylog2] Re: fresh install of graylog 2.1.2 -> can't get it running

2017-02-13 Thread Jochen Schalanda
Hi Denny, it looks like the elasticsearch_discovery_zen_ping_unicast_hosts setting is wrong. Please refer to http://docs.graylog.org/en/2.2/pages/configuration/elasticsearch.html#network-setup for details.

Cheers,
Jochen

On Monday, 13 February 2017 10:23:18 UTC+1, Denny Gebel wrote:
> Hi

[graylog2] fresh install of graylog 2.1.2 -> can't get it running

2017-02-13 Thread Denny Gebel
Hi Grayloggers, I have a working 1.3.4 multi-server setup which needs to be upgraded. I've installed a new test environment with Graylog 2.1.2 on CentOS 7 (no firewall enabled, SELinux off): 3 VMs with Graylog (2.1.2) and MongoDB (2.6.12) + 3 VMs with ES (2.4.4). The ES cluster is running fine, as well

[graylog2] Re: Github page on giving Graylog read-access to non-admin users

2017-02-13 Thread Jochen Schalanda
Hi, please upgrade to Graylog 2.2.0, which supports your use case via a default stream containing all messages.

Cheers,
Jochen

On Friday, 10 February 2017 17:51:05 UTC+1, dhe...@gmail.com wrote:
> I've added LDAP auth to graylog 2.1.0-SNAPSHOT and assigned "Allow Reading" roles to all my

[graylog2] Re: Parse JSON containing timestamp field

2017-02-13 Thread Jochen Schalanda
Hi Rui, the timestamp field has to contain a valid date value, not a string that looks like a date. You can use the message processing pipeline or the date extractor for this: http://docs.graylog.org/en/2.2/pages/extractors.html#normalization http://docs.graylog.org/en/2.2/pages/pipelines.html

[graylog2] Re: Does graylog automatically detect duplicate messages on ingest?

2017-02-13 Thread Jochen Schalanda
Hi Matthew,

On Friday, 10 February 2017 00:51:57 UTC+1, Matthew Shapiro wrote:
> Does Graylog have any detection of duplicate messages to overwrite, and if not is there any way to force an id on a message via an extractor?

No, Graylog doesn't support de-duplication of messages and
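
Added example for the two duplicate-message threads above ("same timestamp, different ID" and "no de-duplication on ingest"); it is not code from the thread or from Graylog. Since Graylog assigns its own ID to every copy it receives, copies of one event can only be recognised by what they contain. The snippet computes a stable fingerprint over the identifying fields on the sending side, drops repeat copies before they are shipped, and writes the fingerprint into a field (named event_id here, an assumed name) so that any copies that still slip through can be found with a single search. The timestamp is parsed before hashing rather than compared as text, for the reason given in the "Parse JSON containing timestamp field" reply above. The timestamp format, the field names and the sample events are all assumptions made for the example.

```python
import hashlib
import json
from collections import OrderedDict
from datetime import datetime, timezone


def normalize_timestamp(ts):
    """Parse an ISO 8601 string with UTC offset and return it in UTC ISO form.

    The same instant written as "...T14:25:29+01:00" and "...T13:25:29+00:00"
    must hash identically, so the string is parsed, not compared as text.
    Input format assumed for this example: YYYY-MM-DDTHH:MM:SS+HH:MM.
    """
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S%z")
    return dt.astimezone(timezone.utc).isoformat()


def fingerprint(event):
    """Deterministic id for one log event: SHA-256 over the identifying fields.

    Graylog's own _id is assigned per received copy, so two copies of one
    event always get different ids; this value is the same for every copy.
    """
    canon = json.dumps(
        {
            "source": event["source"],
            "timestamp": normalize_timestamp(event["timestamp"]),
            "message": event["message"],
        },
        sort_keys=True,
    )
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


class DedupFilter:
    """Drops repeat copies of an event seen among the last max_entries events."""

    def __init__(self, max_entries=10_000):
        self.max_entries = max_entries
        self.seen = OrderedDict()  # fingerprint -> number of copies seen

    def accept(self, event):
        fp = fingerprint(event)
        if fp in self.seen:
            self.seen[fp] += 1
            return False
        self.seen[fp] = 1
        if len(self.seen) > self.max_entries:
            self.seen.popitem(last=False)  # evict the oldest fingerprint
        return True


def ship(events, flt=None):
    """Return the events that would be forwarded, each tagged with event_id."""
    flt = flt or DedupFilter()
    out = []
    for ev in events:
        if flt.accept(ev):
            out.append(dict(ev, event_id=fingerprint(ev)))
    return out


# Constructed sample (not real data): the first two entries are one event
# delivered twice, e.g. by a shipper that retried, written with different UTC
# offsets; the third is a different event.
SAMPLE_EVENTS = [
    {"source": "web01", "timestamp": "2017-02-13T14:25:29+01:00",
     "message": "sshd[2201]: Accepted publickey for deploy from 203.0.113.9 port 51022"},
    {"source": "web01", "timestamp": "2017-02-13T13:25:29+00:00",
     "message": "sshd[2201]: Accepted publickey for deploy from 203.0.113.9 port 51022"},
    {"source": "web01", "timestamp": "2017-02-13T14:25:30+01:00",
     "message": "sshd[2201]: Failed password for root from 198.51.100.4 port 40012"},
]

if __name__ == "__main__":
    for ev in ship(SAMPLE_EVENTS):
        print(ev["event_id"][:12], ev["message"])
```

The eviction window is bounded by count rather than time so memory stays fixed no matter the rate; a shipper that retries across a long outage can still produce a copy after eviction, which is why the event_id field is worth keeping even when the filter is in place.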

[graylog2] Re: Monitoring Windows DHCP Server Activity

2017-02-13 Thread Jochen Schalanda
Hi Rob, the Graylog Collector Sidecar simply configures and starts the actual collectors (Filebeat or nxlog), so you'll have to check with their docs if that's possible: https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html https://www.elastic.co/guide/en/beats/filebeat/current/index.html

[graylog2] Re: pfSense Extractor

2017-02-13 Thread Benbrahim Anass
Hi, the best way is to parse messages one by one.

Cheers,
Anas

On Friday, 6 February 2015 11:41:14 UTC+1, VANTIN Dao wrote:
> Hello,
> I use Graylog2 with Rsyslog, and when my pfSense sends logs to my Graylog2 I can't read the log, then I downloaded your extractor for pfSense on your website

[graylog2] Re: How to parse OpenVPN logs in Graylog?

2017-02-13 Thread Benbrahim Anass
Hi, I use GROK to parse everything, try this:

%{WORD:program}%{NOTSPACE}: %{IPV4:IPClient}:%{NOTSPACE:PORT} \[%{WORD:User}\]

I track daily connections as follows,
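
Added example, not code from the thread or from Graylog: the grok pattern posted above expanded into the equivalent Python regex and run over constructed OpenVPN syslog lines, followed by the per-day connection count the poster mentions. Graylog's grok extractor ships the full grok pattern library; only the three primitives the pattern needs are reproduced here. The sample lines, the decision to count only OpenVPN's "Peer Connection Initiated" line per session, and the day-only timestamp key are assumptions for the example.

```python
import re
from collections import Counter

# Subset of the standard grok pattern library, written as Python regexes.
# These three are all the OpenVPN pattern from the thread needs.
GROK_PATTERNS = {
    "WORD": r"\b\w+\b",
    "NOTSPACE": r"\S+",
    "IPV4": r"(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)",
}


def grok_to_regex(pattern):
    """Expand %{NAME} and %{NAME:field} tokens into (named) regex groups.

    Text outside the tokens is passed through unchanged, so escapes such as
    the bracket escapes in the source pattern keep their regex meaning.
    """
    def expand(match):
        name, field = match.group(1), match.group(2)
        body = GROK_PATTERNS[name]  # KeyError for an unknown pattern name
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern))


# The pattern posted in the thread, unchanged.
OPENVPN_GROK = r"%{WORD:program}%{NOTSPACE}: %{IPV4:IPClient}:%{NOTSPACE:PORT} \[%{WORD:User}\]"
OPENVPN_RE = grok_to_regex(OPENVPN_GROK)

# Syslog header "Mon DD HH:MM:SS"; only the day part is kept for the daily count.
SYSLOG_DAY = re.compile(r"^(?P<day>[A-Z][a-z]{2}\s+\d{1,2}) \d\d:\d\d:\d\d ")


def parse_openvpn(line):
    """Return the extracted fields, or None when the line does not match."""
    m = OPENVPN_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    day = SYSLOG_DAY.match(line)
    fields["day"] = day.group("day") if day else None
    return fields


def daily_connections(lines):
    """Count (day, user) connections.

    Only OpenVPN's "Peer Connection Initiated" line is counted, so the other
    per-session lines that also carry the "[user]" prefix do not inflate the
    figure (an assumption made for this example).
    """
    counts = Counter()
    for line in lines:
        fields = parse_openvpn(line)
        if fields and "Peer Connection Initiated" in line:
            counts[(fields["day"], fields["User"])] += 1
    return counts


# Constructed sample lines in OpenVPN's syslog format (not real traffic).
SAMPLE_LINES = [
    "Feb 13 10:23:18 vpn1 openvpn[1234]: 203.0.113.5:51234 [jdoe] Peer Connection Initiated with [AF_INET]203.0.113.5:51234",
    "Feb 13 10:23:19 vpn1 openvpn[1234]: jdoe/203.0.113.5:51234 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)",
    "Feb 13 11:02:40 vpn1 openvpn[1234]: 198.51.100.7:44012 [asmith] Peer Connection Initiated with [AF_INET]198.51.100.7:44012",
    "Feb 13 11:05:01 vpn1 openvpn[1234]: 198.51.100.7:44012 TLS Error: TLS handshake failed",
    "Feb 14 08:12:55 vpn1 openvpn[1234]: 203.0.113.5:60110 [jdoe] Peer Connection Initiated with [AF_INET]203.0.113.5:60110",
]

if __name__ == "__main__":
    for (day, user), n in sorted(daily_connections(SAMPLE_LINES).items()):
        print(day, user, n)
```

Note that the pattern is unanchored, exactly as in the post, so lines that carry the "user/ip:port" prefix instead of "ip:port [user]" (the second sample line) and lines without a user (the fourth) simply do not match; check the extractor's "no match" count in Graylog before trusting the daily totals.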

[graylog2] Re: How do you build from source code for version 2.1.2 ?

2017-02-13 Thread Jochen Schalanda
Hi, please refer to http://docs.graylog.org/en/2.2/pages/installation/operating_system_packages.html#rpm-yum-dnf for the relevant information.

Cheers,
Jochen

On Friday, 10 February 2017 17:24:55 UTC+1, bernadet...@wavestrike.com wrote:
> I need to create RPMs for CENTOS 6 (eventually

[graylog2] Re: How do you track unique users that have hit your site/which version do you need

2017-02-13 Thread Jochen Schalanda
Hi, please elaborate on your use case. In general, we always recommend running the latest stable version of Graylog (which is Graylog 2.2.0 at the time of writing).

Cheers,
Jochen

On Friday, 10 February 2017 17:24:17 UTC+1, bernadet...@wavestrike.com wrote:
> we are using older version of

[graylog2] Re: missing alerts menu

2017-02-13 Thread Jochen Schalanda
Hi Wallace, are there any error messages in the logs of your Graylog node or in the Developer console of your web browser? Which web browser are you using?

Cheers,
Jochen

On Friday, 10 February 2017 04:17:25 UTC+1, Wallace Turner wrote:
> my (latest) graylog installation is missing the