Hi
I'm collecting logs from Windows Server 2012 R2 using graylog collector
sidecar with winlogbeat, and I have issues with logs language. The system
was installed as Polish (my language) but later we changed language to
English, now everything is in English except messages sent by winlogbeat
maybe you're indexing some unnecessary fields? try to disable less needed
data, you can also strip them off with pipelines before they get processed
further, also I heard that BTRFS with compression enabled works nice with
ES,
On Monday, 12 September 2016 16:56:36 UTC+2, user
; confirm that you use just the GRAYLOG_REST_TRANSPORT_URI variable?
>
> thanks
>
> On Sunday, September 11, 2016 at 6:09:02 AM UTC-3, Daniel Kamiński wrote:
>>
>> I also stumbled on this error, passing machine network ip rather than
>> local 127.0.0.1 kind of worked
>
I also stumbled on this error, passing machine network ip rather than local
127.0.0.1 kind of worked
On Friday, 2 September 2016 22:48:30 UTC+2, Hernán Fernández
wrote:
>
> Hello,
>
> I just saw that the rest api is running now on the web interface and the
> variable
Hello
I was playing with snmp some time ago, it created multiple *fields with
dots*. Now new ES doesn't support dots in field names so I cannot upgrade
to graylog 2.0. Messages with those fields contain *no valuable data*, so
I'd like to *delete* them from a few past indices (yes, I know, I have
s,
> Jochen
>
> On Thursday, 21 April 2016 13:14:46 UTC+2, Daniel Kamiński wrote:
>>
>> you can change 'message' mapping template in ES via its rest api, and
>> add `"doc_values": true` to some less needed fields, more info on doc
>> values here:
>
you can change 'message' mapping template in ES via its rest api, and add
`"doc_values": true` to some less needed fields, more info on doc values
here:
https://www.elastic.co/guide/en/elasticsearch/reference/current/doc-values.html
On Thursday, 21 April 2016 00:48:57 UTC+2, user
You could work this around by rewriting messages with drools like
here: http://docs.graylog.org/en/1.3/pages/drools.html, with
`modify($m) { removeField("unwantedField") }`
On Friday, 29 January 2016 10:38:03 UTC+1, thePretender
wrote:
>
> Hi,
>
> For normalization purposes, I
It is possible to convert VDI/VMDK disk image to Microsoft's VHD with
VirtualBox's tools (`vboxmanage clonehd input output --format vhd`), no need
to convert whole OVA as it's only a disk image with configuration file,
I've done this before to test how graylog would work on hyper-v, I
Hi,
Is there any way I can extract info about how many rules have been affected
by my drools rules? some kind of metrics of dropped/changed messages
depending on rule. I know I can use log but it's too verbose, all I need is
numbers.
, %{[message_tmp][9]} ]
    remove_field => message_tmp
  }
}
output {
  gelf {
    host => '127.0.0.1'
    port => 12203
  }
}
alternatively you can just send raw log to graylog and process it there
On Wednesday, 24 June 2015 10:23:01 UTC+2, Daniel Kamiński
wrote:
The library used in logstash's gelf
You need to create an extractor for each field, provided you know field
names, then you can extract a value with regex, like `fieldname=([^]*)`
On Tuesday, 23 June 2015 14:39:46 UTC+2, David Gerdeman
wrote:
In the uri-query field of my IIS logs I have a website that
The library used in logstash's gelf output is a bit broken, it doesn't
flatten the structure, and graylog only understands flat json. In your case
you split `message` field thus creating an array. You can delete message
field but gelf output needs that field, so I suggest copying `message` to
/reference/current/indices-templates.html)
but Graylog has not been tested with other data types in Elasticsearch, so
you're on your own if any errors occur due to the index mapping changes.
Cheers,
Jochen
On Wednesday, 20 May 2015 14:10:54 UTC+2, Daniel Kamiński wrote:
Hi
I'm trying
it's worth mentioning that it's not considered by graylog as a number if
it's not blue in rubydebug codec. I had the same problems when
configuring logstash for forwarding netflow data from cisco routers to
graylog. I had to convert it somehow, a ruby one-liner was the best solution.
On
You can follow readme
at:
https://github.com/Graylog2/graylog2-images/tree/master/ova#extend-disk-space
Basically you add a new virtual disk, format it as ext4 or another
Linux-compatible FS, mount it somewhere temporarily and move the files from
`/var/opt/graylog/data` onto it, and then mount under
it's vm image, so gparted wouldn't work
You can of course just read OVA
Readme https://github.com/Graylog2/graylog2-images/tree/master/ova :-)
especially *Extend disk space* section, in short you have to generate
new, larger hd image and make vm use it as second one, create partition on
it,
PM UTC+1, Daniel Kamiński wrote:
Hi
I'm using graylog ova, after I upgraded to 1.0.1 I noticed it creates a
new index (cycles deflector) each restart. I had to tune some
configuration
and restart graylog a couple of times today (it started to behave) and found
out I created 10 indexes
Hi
I'm using graylog ova, after I upgraded to 1.0.1 I noticed it creates a new
index (cycles deflector) each restart. I had to tune some configuration and
restart graylog a couple of times today (it started to behave) and found out
I created 10 indexes today, each with a few thousand messages. Is