an use the term *Googlebot*. The term
*ooglebot* (without the capital G) should work with the default settings.
Frank
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, s
t; Thanks for helping and have a great day
>
> :) John Celtar
Did you allow leading wildcards for searches in graylog.conf?
Did you enable an analyzer for the agent field in the elasticsearch template?
Frank
--
You received this message because you are subscribed to the Google Groups
&quo
ter needs a value and doesn't have one. Log4j does
not care what value it is, even an empty string is fine. So the minimum config
for a RFC5424 syslog appender is:
Greetings
Frank
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
.html#SyslogAppender to
avoid typos:
Any clue what is going wrong? Why is only the Socket example working and the
Syslog test isn't?
Thanks
Frank
--
You received th
Are there any plans to add the possibility to select pipelines for the
content pack export?
On Wednesday, January 25, 2017 at 10:01:12 AM UTC+1, Jochen Schalanda wrote:
>
> Hi Frank,
>
> if you want to clone all settings, you have to use a MongoDB dump. If
> inputs/streams/das
Thanks, didn't know I could export almost everything as content pack. It's
almost what I need, but unfortunately pipelines are not included.
On Wednesday, January 25, 2017 at 10:01:12 AM UTC+1, Jochen Schalanda wrote:
>
> Hi Frank,
>
> if you want to clone all settings, you
What would be the preferred way to do this? A mongodb dump, write a script
that queries the API?
Cheers,
Frank
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send a
:
>
> Hi Frank,
>
> On Friday, 13 January 2017 14:49:56 UTC+1, Frank wrote:
>>
>> There is a grok filter %{SYSLOGBASE2} (from the default logstash grok
>> patterns) which should format the timestamp correctly.
>>
>
> Did you make sure that the "times
to do anymore tests.
Thank you,
Frank
On Thursday, January 12, 2017 at 4:51:30 PM UTC+1, Jochen Schalanda wrote:
>
> Hi Frank,
>
> what's the content of your messages? How are you ingesting them?
>
> Cheers,
> Jochen
>
> On Thursday, 12 January 2017 14:37:52 UTC+1, Fran
That's what I expected. I just added a converter to the timestamp field,
but that didn't change anything.
On Thursday, January 12, 2017 at 2:21:40 PM UTC+1, Jochen Schalanda wrote:
>
> Hi Frank,
>
> it looks like the "timestamp" message field in one (or more) o
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[?:1.8.0_111]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[?:1.8.0_111]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]
Any ideas how to solve this?
Frank
--
You received this message because you are subscribed to
No one? :(
On Friday, January 6, 2017 at 6:24:18 PM UTC+1, Frank wrote:
>
> Thanks for your reply, but that's not what I'm trying to do.
>
> I've got a pipeline with some rules that add some fields and remove some
> fields.
> The pipeline is connected to a cust
e...@gmail.com wrote:
>
>
>
> On Friday, January 6, 2017 at 6:33:17 AM UTC-6, Frank wrote:
>>
>>
>> Plain shows the message without the fields that should be removed, but
>> also without the added custom fields.
>> Full and structured show the message with
custom fields, but also with
all fields that should be removed.
So no option is really working like I would need it.
Is there any solution?
Cheers,
Frank
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this grou
If I unterstand your question correctly, you have to connect an output to
your stream.
On the Streams page look for "Manage Outputs".
I just did this with a syslog output, and it works to some extend.
On Friday, January 6, 2017 at 2:37:03 AM UTC+1, Evgueni Gordienko wrote:
>
>
> For my stream in
Well, adding a "when" does certainly help, My bad!
rule "blacklist"
when
contains(to_string($message.message), "systemd")
then
drop_message();
end
On Thursday, January 5, 2017 at 4:29:48 PM UTC+1, Frank wrote:
>
> Hi there,
>
> I'm just makin
I'm using Graylog 2.1.2+50e449a, btw.
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]
What am I doing wrong?
Best,
Frank
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to g
I think I'll just shut them down to be safe.
Thanks Jan!
On Wednesday, January 27, 2016 at 2:00:03 AM UTC-8, Jan Doberstein wrote:
>
> Dear Frank,
>
> i will not use the phrase "it depends" - but if you did not have a high
> load this should work without a problem
I plan on moving my graylog servers to their own LUN and want to know if
it's safe to vmotion graylog servers while they are running, or should I
shut them down before vmotion? Anybody else have experience with this?
--
You received this message because you are subscribed to the Google Groups
't a member of one of those groups, they can't login to
graylog.
On Friday, January 22, 2016 at 11:48:44 AM UTC-8, Frank wrote:
>
> I have ldap and group mappings all configured and working, but I would
> like to restrict users that aren't in one of the group mappings to
I have ldap and group mappings all configured and working, but I would like
to restrict users that aren't in one of the group mappings to basically
have no access.
Is there any way to do this?
I don't want to have to move user's AD accounts into a specifc Graylog OU
because we already have a h
22 matches
Mail list logo