[graylog2] Re: No 'Beats Input' available to receive sidecar data.

2017-02-20 Thread Jochen Schalanda
Hi Chris, On Tuesday, 21 February 2017 00:46:35 UTC+1, Chris Thompson wrote: > > 2017-02-20_23:31:59.44325 INFO [CmdLineTool] Loaded plugins: [Anonymous > Usage Statistics 1.2.1 > [org.graylog.plugins.usagestatistics.UsageStatsPlugin]] > The Anonymous Usage Statistics plugin 1.2.1 was written

[graylog2] Re: No 'Beats Input' available to receive sidecar data.

2017-02-20 Thread Jochen Schalanda
Hi Chris, how exactly did you install (and upgrade) Graylog? It looks like you're using an incompatible version of the Beats plugin. The correct version of the Beats plugin is shipped with Graylog and can also be downloaded from

[graylog2] Re: use 1 minute Timerange not working

2017-02-20 Thread Jochen Schalanda
Hi, what exactly do you mean with "both of them don't work"? How did you configure the alert conditions? What did you expect to happen? What did actually happen? Cheers, Jochen On Monday, 20 February 2017 16:20:43 UTC+1, vadimv Vatlin wrote: > > Hello. > > I have some strange problem. > > I

[graylog2] Re: Global kafka input doesn't work.

2017-02-20 Thread Jochen Schalanda
Hi Art, are there any error messages in the logs of your Graylog nodes? Cheers, Jochen On Friday, 17 February 2017 00:30:39 UTC+1, Art Star wrote: > > Hey guys, > > I'm trying to configure two graylog servers to read from the same topic in > kafka. But when I choose global input, only one of

[graylog2] Re: Remove field using extractos

2017-02-20 Thread Jochen Schalanda
Hi Rui, On Tuesday, 14 February 2017 16:24:55 UTC+1, Rui Goncalves wrote: > > What am I missing? I think there must be something that I'm missing, > because we can route the same message to multiple streams. > This sounds like an incorrect message processor order. Check the order of your

[graylog2] [INFO] Google Group shutdown on Feb 21, 2017

2017-02-20 Thread Jochen Schalanda
Hi everyone, just a timely reminder that this Google Group will be set to read-only on Feb 21, 2017 and will be replaced by the official Graylog Community Forums. If you have any open threads on this mailing list, please create a corresponding topic on the

[graylog2] Re: graylog 2.2.0 ssl error

2017-02-19 Thread Jochen Schalanda
Hi Adi, I'm not sure what you intended to do with these JVM settings, but they're for the Maven build system and not Graylog. Please refer to http://docs.graylog.org/en/2.2/pages/configuration/https.html for information about using HTTPS in Graylog. Cheers, Jochen On Sunday, 19 February

[graylog2] Re: graylog not working after upgrading to v2.2.0 from 2.1.2

2017-02-19 Thread Jochen Schalanda
Hi Marsel, there seem to exist multiple issues in your setup. 1. Make sure to only use compatible plugins with your version of Graylog. For example the Threat Intel plugin is currently not compatible with Graylog 2.2.0. 2. Make sure to create a custom index mapping. For example the

[graylog2] Re: Copy input extractor failure

2017-02-19 Thread Jochen Schalanda
Hi Rayees, which version of Graylog and Elasticsearch are you running? Cheers, Jochen On Saturday, 18 February 2017 01:46:16 UTC+1, Rayees Namathponnan wrote: > > Hi All, > > I created “Copy Input” extractor to get key value pair, here is my > message, trying to extract *level* and *status*

[graylog2] Re: Troubleshooting logs

2017-02-17 Thread Jochen Schalanda
Hi Tom, On Friday, 17 February 2017 00:41:03 UTC+1, Tom Powers wrote: > > I've found this article on the right place to put the certs...but not sure > what format or how to get them out of the master server > > >

[graylog2] Re: Troubleshooting logs

2017-02-16 Thread Jochen Schalanda
Hi Tom, On Thursday, 16 February 2017 16:28:09 UTC+1, Tom Powers wrote: > > If I turn TLS on for the Input side (Server 2), and click the Verify TLS > on the client side(server1) (like I have done in my test lab), then the > Server2 doesn't receive anything on the input. > Have the SSL

[graylog2] Re: Spaces between characters!

2017-02-16 Thread Jochen Schalanda
Hi Tom, this looks like an encoding problem (UTF-16 vs. UTF-8), see https://github.com/Graylog2/graylog2-server/issues/3130 for a related issue with a potential fix. Cheers, Jochen On Thursday, 16 February 2017 16:19:33 UTC+1, Tom Collins wrote: > > Hi all - I was wondering if anyone could

Re: [graylog2] Archive data in free version of graylog?

2017-02-16 Thread Jochen Schalanda
Hi Dan, On Thursday, 16 February 2017 14:43:19 UTC+1, Dan Hoffmann wrote: > > Might there be an easy to read how to on this somewhere that you know > about? A quick GIS turns up some info, but it's not easy to follow in my > current level of product knowledge. > See

Re: [graylog2] Archive data in free version of graylog?

2017-02-16 Thread Jochen Schalanda
Hi Dan, On Thursday, 16 February 2017 13:53:08 UTC+1, Dan Hoffmann wrote: > > I saw that, but I'm not wanting to spend $6000 a year for that feature. > Was hoping there were more options. > You can still use the Elasticsearch snapshot functionality with all its drawbacks (like potentially

[graylog2] Re: Nodes with too long GC pauses

2017-02-16 Thread Jochen Schalanda
Hi Nitzan, On Thursday, 16 February 2017 14:20:33 UTC+1, Nitzan Haimovich wrote: > > Where do I configure the threshold for this? > You can configure this with the gc_warning_threshold setting: https://github.com/Graylog2/graylog2-server/blob/2.2.0/misc/graylog.conf#L527-L529 But be aware

[graylog2] Re: Rest api for Logs

2017-02-16 Thread Jochen Schalanda
Hi Anant, you can query the complete data set over the Graylog REST API, check the search-related resources in the Graylog API browser at http://127.0.0.1:9000/api/api-browser (URI might be different for your setup). Cheers, Jochen On Thursday, 16 February 2017 10:34:04 UTC+1, Anant Sawant

[graylog2] Re: How to upgrade Graylog 2.1 > 2.2 ?

2017-02-16 Thread Jochen Schalanda
Hi, On Thursday, 16 February 2017 10:34:07 UTC+1, jtkarvo wrote: > > Is it possible to do a rolling upgrade to a graylog cluster (from 2.1 to > 2.2)? If so, should I upgrade master first or non-master nodes first? > Due to some changes in the index management it's not possible to do a rolling

[graylog2] Re: how to resolve issue with indexer

2017-02-16 Thread Jochen Schalanda
Hi Jiří, the "level" message field has to be a numeric value, i. e. the numeric severity level of syslog messages: https://en.wikipedia.org/wiki/Syslog#Severity_level You can use message processor pipeline rules to change that in Graylog: http://docs.graylog.org/en/2.2/pages/pipelines.html

[graylog2] Re: SSL JVM

2017-02-15 Thread Jochen Schalanda
Hi, as long as you don't add your self-signed certificate to the trusted certificates of your web browsers as well, that "insecure" notification will remain. Please consult the documentation of your web browser for this. Cheers, Jochen On Wednesday, 15 February 2017 17:04:02 UTC+1, CTuser

[graylog2] Re: SSL JVM

2017-02-15 Thread Jochen Schalanda
Hi, you can add JVM settings to the GRAYLOG_SERVER_JAVA_OPTS variable. Cheers, Jochen On Wednesday, 15 February 2017 13:03:45 UTC+1, CTuser wrote: > > Hi Jochen, > > here is the output of the JVM settings (/etc/sysconfig/graylog-server): >

[graylog2] Re: Assistance with Pipeline Processor Function Plugin

2017-02-15 Thread Jochen Schalanda
Hi Bill, just for the fun of it, try using a unique ID and a plugin file name that lexicographically comes *after* the Graylog Pipeline Processor Plugin. Cheers, Jochen On Wednesday, 15 February 2017 12:04:41 UTC+1, Bill Murrin wrote: > > I am looking for assistance with a plugin I am trying

[graylog2] Re: SSL JVM

2017-02-15 Thread Jochen Schalanda
Hi, please refer to http://docs.graylog.org/en/2.2/pages/configuration/file_location.html for the specific location of the file for the JVM settings. Cheers, Jochen On Wednesday, 15 February 2017 11:15:01 UTC+1, CTuser wrote: > > Hi Jochen, > > I already followed the "Adding a self-signed

[graylog2] Re: Incorrect Graylog Cluster details

2017-02-15 Thread Jochen Schalanda
Hi Paweł, please describe exactly what you did and which error messages you've seen. Additionally describe the current situation, the configuration of all Graylog nodes, and what problem you're trying to solve right now. Cheers, Jochen On Wednesday, 15 February 2017 00:34:59 UTC+1, Paweł

[graylog2] Re: SSL JVM

2017-02-15 Thread Jochen Schalanda
Hi, the necessary steps are described in the documentation at http://docs.graylog.org/en/2.2/pages/configuration/https.html#adding-a-self-signed-certificate-to-the-jvm-trust-store . Cheers, Jochen On Wednesday, 15 February 2017 09:14:03 UTC+1, CTuser wrote: > > Hi, > > I created self-signed

[graylog2] Re: How to upgrade Graylog 2.1 > 2.2 ?

2017-02-15 Thread Jochen Schalanda
Hi, you can find upgrade instructions in the documentation, depending on how you've installed Graylog in the first place. http://docs.graylog.org/en/2.2/pages/configuration/graylog_ctl.html#upgrade-graylog http://docs.graylog.org/en/2.2/pages/installation/operating_system_packages.html#deb-apt

[graylog2] Re: [ANN] Graylog 2.2.0 has been released

2017-02-15 Thread Jochen Schalanda
Hi Anas, On Wednesday, 15 February 2017 09:33:50 UTC+1, Benbrahim Anass wrote: > > Congratulations on the new release, is there anything new about custom > dashboards ? > Please refer to the release notes for detailed information: https://www.graylog.org/blog/88-announcing-graylog-v2-2-0

[graylog2] [ANN] Graylog 2.2.0 has been released

2017-02-14 Thread Jochen Schalanda
Hi everyone, I'm proud to announce the GA release of Graylog 2.2.0! We've put a lot of work into this release to bring you interesting features like improved retention and rotation (index sets) and enhanced alerting. You can find the release notes for Graylog 2.2.0 at:

[graylog2] Re: Remove field using extractos

2017-02-14 Thread Jochen Schalanda
Hi Rui, On Tuesday, 14 February 2017 13:15:13 UTC+1, Rui Goncalves wrote: > > Why it's not possible to remove a field from the received message using > extractors? > This was a deliberate decision at the time to prevent people from wondering why some field didn't exist anymore due to stacked

[graylog2] Re: Logging of Graylog-Server to Syslog

2017-02-13 Thread Jochen Schalanda
Hi Frank, thanks for the update! Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this

[graylog2] Re: Incorrect Graylog Cluster details

2017-02-13 Thread Jochen Schalanda
Hi Paweł, as a matter of fact, everything is correct, except for your configuration. The transport_address attribute in the output of GET /api/system/cluster/nodes shows, that both nodes are using http://127.0.0.1:9000/api/ as their transport address. This address can be configured with the

[graylog2] Re: HELP-ME Duplications mensages

2017-02-13 Thread Jochen Schalanda
Hi Anderson, On Monday, 13 February 2017 14:25:29 UTC+1, Anderson Gabriel wrote: > > Hello, the timestamp is the same. But the ID is different > This means that these identical messages have been sent to Graylog multiple times and that Graylog doesn't duplicate them. Are you sure that Logstash

[graylog2] Re: fresh install of graylog 2.1.2 -> can't get it running

2017-02-13 Thread Jochen Schalanda
Hi Denny, it looks like the elasticsearch_discovery_zen_ping_unicast_hosts setting is wrong. Please refer to http://docs.graylog.org/en/2.2/pages/configuration/elasticsearch.html#network-setup for details. Cheers, Jochen On Monday, 13 February 2017 10:23:18 UTC+1, Denny Gebel wrote: > > Hi

[graylog2] Re: Github page on giving Graylog read-access to non-admin users

2017-02-13 Thread Jochen Schalanda
Hi, please upgrade to Graylog 2.2.0, which supports your use case via a default stream containing all messages. Cheers, Jochen On Friday, 10 February 2017 17:51:05 UTC+1, dhe...@gmail.com wrote: > > I've added LDAP auth to graylog 2.1.0-SNAPSHOT and assigned "Allow > Reading" roles to all my

[graylog2] Re: Parse JSON containing timestamp field

2017-02-13 Thread Jochen Schalanda
Hi Rui, the timestamp field has to contain a valid date value, not a string that looks like a date. You can use the message processing pipeline or the date extractor for this: http://docs.graylog.org/en/2.2/pages/extractors.html#normalization http://docs.graylog.org/en/2.2/pages/pipelines.html

[graylog2] Re: Does graylog automatically detect duplicate messages on ingest?

2017-02-13 Thread Jochen Schalanda
Hi Matthew, On Friday, 10 February 2017 00:51:57 UTC+1, Matthew Shapiro wrote: > > Does Graylog have any detection of duplicate messages to overwrite, and if > not is there any way to force an id on a message via an extractor? > No, Graylog doesn't support de-duplication of messages and

[graylog2] Re: Monitoring Windows DHCP Server Activity

2017-02-13 Thread Jochen Schalanda
t never updated. I had to manually > reload the file to see any changes. Further, I never saw any update in the > file Date Modified. Is there some way to force collector sidecar to poll > the files even if they don't show any obvious activity? > > On Tuesday, February 7, 2017 at 1:5

[graylog2] Re: How do you build from source code for version 2.1.2 ?

2017-02-13 Thread Jochen Schalanda
Hi, please refer to http://docs.graylog.org/en/2.2/pages/installation/operating_system_packages.html#rpm-yum-dnf for the relevant information. Cheers, Jochen On Friday, 10 February 2017 17:24:55 UTC+1, bernadet...@wavestrike.com wrote: > > I need to create RPMs for CENTOS 6 (eventually

[graylog2] Re: How do you track unique users that have hit your site/which version do you need

2017-02-13 Thread Jochen Schalanda
Hi, please elaborate on your use case. In general, we always recommend running the latest stable version of Graylog (which is Graylog 2.2.0 at the time of writing). Cheers, Jochen On Friday, 10 February 2017 17:24:17 UTC+1, bernadet...@wavestrike.com wrote: > > we are using older version of

[graylog2] Re: missing alerts menu

2017-02-13 Thread Jochen Schalanda
Hi Wallace, are there any error messages in the logs of your Graylog node or in the Developer console of your web browser? Which web browser are you using? Cheers, Jochen On Friday, 10 February 2017 04:17:25 UTC+1, Wallace Turner wrote: > > my (latest) graylog installation is missing the

[graylog2] Re: collect logs from remote machine

2017-02-09 Thread Jochen Schalanda
Hi Wallace, On Thursday, 9 February 2017 12:20:26 UTC+1, Wallace Turner wrote: > > Hi Jochen so you need to install Sidecar (and then possibly nxlog) on each > machine you want to watch a logfile? > You can use any other means of shipping the logs from your systems to Graylog that you like.

[graylog2] Re: How to parse OpenVPN logs in Graylog?

2017-02-09 Thread Jochen Schalanda
Hi César, first you have to ship the logs to your Graylog server, either by forwarding the messages via your syslog daemon on that system or by reading from a log file on that system. See http://docs.graylog.org/en/2.2/pages/sending_data.html and

[graylog2] Re: Overwriting Timestamp field using Pipeline rules

2017-02-09 Thread Jochen Schalanda
>>> 2c95ac8e-57e3-91b2-0158-495b880b24e8REQUEST FAILED ==> STATUS CODE: 404, >>> RESPONSE BODY: >>> name >>> WO-ATL-CS >>> offset >>> 2372156 >>> source >>> WO-ATL-CS >>> timestamp >>> 2017-02-08T16:00:35.864Z >>

[graylog2] Re: Graylog is ignoring some UDP packets sent by a particular host

2017-02-09 Thread Jochen Schalanda
Hi, Graylog itself doesn't care where the packets are coming from. Is the routing to Graylog working for the "ignored" host? Is the networking set up correctly on all hosts? Are there any firewall rules in place? How did you configure the Syslog UDP and the Raw/Plaintext UDP inputs? Cheers,

[graylog2] Re: Incoming Gelf UDP messages not showing up

2017-02-09 Thread Jochen Schalanda
Hi, On Thursday, 9 February 2017 06:54:30 UTC+1, IJFK wrote: > > I'm sending Syslog packets in Gelf format (I successfully validated the > Json), and no matter what I do, the packets don't show up. There is no > parsing error or anything, the data just doesn't show up. > How exactly are you

[graylog2] Re: Forward from One graylog to another

2017-02-09 Thread Jochen Schalanda
Hi Tom, On Thursday, 9 February 2017 04:46:31 UTC+1, Tom Powers wrote: > > Is there any good doc on setting up the tls on the stream output and then > the receiving side at the new graylog instance? Please refer to the documentation at http://docs.graylog.org/en/2.1/pages/streams.html#outputs

[graylog2] Re: collect logs from remote machine

2017-02-09 Thread Jochen Schalanda
Hi Wallace, On Thursday, 9 February 2017 06:03:07 UTC+1, Wallace Turner wrote: > > What i am trying to do is for graylog to retrieve (or monitor) a log file > at a network location (windows servers) and bring the contents of the plain > text log file to graylog. > > Is this possible (on

[graylog2] Re: Forward from One graylog to another

2017-02-08 Thread Jochen Schalanda
Hi Tom, On Wednesday, 8 February 2017 23:31:46 UTC+1, Tom Powers wrote: > > We are only tracking windows events here, so If I read this right, could i > set the stream output in Gelf format and send it to the Parent office > Graylog server (over TLS of course)? > Yes, that's pretty much it.

Re: [graylog2] Re: Extractor and processing messages

2017-02-08 Thread Jochen Schalanda
Hi Rayees, On Wednesday, 8 February 2017 18:00:05 UTC+1, Rayees Namathponnan wrote: > > I am looking at the extractor configuration, there I am not seeing any way to > define the input, without this all the messages that come to the system will go > through the extractor, right? Am I missing something? >

[graylog2] Re: Extractor and processing messages

2017-02-08 Thread Jochen Schalanda
Hi Rayees, On Wednesday, 8 February 2017 17:38:56 UTC+1, Rayees Namathponnan wrote: > > Suppose I have defined 10 extractors and if any messages come to graylog > do they go through all the 10 extractors? > This depends on your configuration and if the preconditions for these extractors have

[graylog2] Re: Overwriting Timestamp field using Pipeline rules

2017-02-08 Thread Jochen Schalanda
Hi Al, On Wednesday, 8 February 2017 15:11:34 UTC+1, Al Reynolds wrote: > > I was under the impression that using the "parse_date" function would > create a Date object? > It does, see http://docs.graylog.org/en/2.1/pages/pipelines/functions.html#parse-date for reference. But your date

[graylog2] Re: Graylog 2.2.0-rc.1 lags while editing inputs

2017-02-08 Thread Jochen Schalanda
ticsearch.pid > -Des.default.path.home=/usr/share/elasticsearch > -Des.default.path.logs=/var/log/elasticsearch > -Des.default.path.data=/var/lib/elasticsearch > -Des.default.path.conf=/etc/elasticsearch > > On Wednesday, 8 February 2017 11:54:59 UTC+1, Jochen Schalanda wrote:

[graylog2] Re: Graylog 2.2.0-rc.1 lags while editing inputs

2017-02-08 Thread Jochen Schalanda
Hi, there are quite long GC pauses mentioned in your logs. What are the hardware specs of the machine(s) running Graylog and how did you configure Graylog (also how are the JVM settings)? Cheers, Jochen On Wednesday, 8 February 2017 11:43:27 UTC+1, Ha NN wrote: > > Hi, > > i am testing

[graylog2] Re: Overwriting Timestamp field using Pipeline rules

2017-02-07 Thread Jochen Schalanda
Hi Al, the "timestamp" field has to be a Date object and not a string. Additionally, the first parameter of your set_field() call seems odd ("$timestamp" instead of "timestamp"). This rule might work, although I haven't tested it: rule "WO-CS-RAS" when

[graylog2] Re: Please share how to setup graylog with windows log4net logs.

2017-02-07 Thread Jochen Schalanda
Hi Rohit, check the Graylog Marketplace for GELF appenders supporting log4net: https://marketplace.graylog.org/addons?tag=log4net Cheers, Jochen On Tuesday, 7 February 2017 17:53:54 UTC+1, rohit agarwal wrote: > > Hi, > > Please help in configuring graylog on centos7 with log4net logs to be >

[graylog2] Re: Logstash Split Plugin

2017-02-07 Thread Jochen Schalanda
Hi Shrawan, since you've asked this question multiple times already ( https://groups.google.com/d/msg/graylog2/Qev2klwPmGQ/o0bTaXuyAwAJ, https://groups.google.com/d/msg/graylog2/G7Z3yOiqrn8/e0ISsyEuAgAJ), you should consider buying professional support at

[graylog2] Re: Graylog 2.1.2 - Geo-Location

2017-02-07 Thread Jochen Schalanda
Hi, please read the documentation again: http://docs.graylog.org/en/2.1/pages/geolocation.html#configure-the-message-processor I've already quoted the relevant parts in my previous post. You have to extract the information into separate fields. Currently everything is in the "message" field.

[graylog2] Re: Graylog over multiple sites

2017-02-07 Thread Jochen Schalanda
Hi, On Tuesday, 7 February 2017 13:46:36 UTC+1, SystemAdminUK wrote: > > Then at one site I have the web interface to query the data. This would > mean I would not need to ship the logs offsite, and save on internet > bandwidth. Is this a possible option? > Unfortunately that's not possible.

[graylog2] Re: Graylog 2.1.2 - Geo-Location

2017-02-07 Thread Jochen Schalanda
Hi, On Tuesday, 7 February 2017 13:46:47 UTC+1, CTuser wrote: > > Yes, of course. > I'm getting lots of messages contain IPV4 from the FW. > Do they have any field that *only* contains an IPv4 address and no other content? Cheers, Jochen

[graylog2] Re: Graylog 2.1.2 - Geo-Location

2017-02-07 Thread Jochen Schalanda
Hi, are there any other messages which exclusively contain an IPv4 or IPv6 address in the "message" field? I'll quote http://docs.graylog.org/en/2.1/pages/geolocation.html#configure-the-message-processor : That’s it, at this point Graylog will start looking for fields *containing >

[graylog2] Re: Azure Metrics alerts to Graylog

2017-02-07 Thread Jochen Schalanda
Hi Pablo, On Monday, 6 February 2017 19:34:38 UTC+1, Pablo Daniel Estigarribia Davyt wrote: > > As I have seen, there is no standard http post input only GELF in graylog? > Or using tcp port could be possible? (I will try this and extractor > configuration). > This will probably not work

[graylog2] Re: Logging of Graylog-Server to Syslog

2017-02-07 Thread Jochen Schalanda
Hi Frank, On Monday, 6 February 2017 22:49:23 UTC+1, Frank Engler wrote: > > Any clue what is going wrong? Why is only the Socket example working and > the > Syslog test isn't? > This shows that the appender mechanism itself is working but that either the Syslog appender doesn't work or that

[graylog2] Re: help regex message

2017-02-07 Thread Jochen Schalanda
Hi Rafael, you can use https://grokdebug.herokuapp.com/ to play around with and debug your Grok patterns. FWIW, you're missing a backslash to escape the parenthesis after the timestamp. This pattern is working: ^\[%{TIME}\.[0-9]{0,3}\]\s+\[%{WORD:loglevel}\].* Cheers, Jochen On Monday,

[graylog2] Re: buglet: broken link http://info.graylog.org/marketplace-requests

2017-02-06 Thread Jochen Schalanda
Hi Jason, the link http://info.graylog.org/marketplace-requests shows a contact form for me:

[graylog2] Re: Monitoring Windows DHCP Server Activity

2017-02-06 Thread Jochen Schalanda
port 9000. None of the exchanges look like > they contain data from the DHCP logs. > > On Monday, February 6, 2017 at 10:37:44 AM UTC-6, Jochen Schalanda wrote: >> >> Hi Rob, >> >> since the configuration doesn't show any obvious errors, please use >> Wireshark or a

[graylog2] Re: Monitoring Windows DHCP Server Activity

2017-02-06 Thread Jochen Schalanda
> like it's connected and responsive. It's just that there never seem to be > any messages on the associated Input. > Tks, > R. > > On Saturday, February 4, 2017 at 3:30:18 AM UTC-6, Jochen Schalanda wrote: >> >> Hi Rob, >> >> the configuration looks good so far. M

[graylog2] Re: Graylog server always collect expired logs, these logs are generated long before , and now the switch has no such logs.

2017-02-06 Thread Jochen Schalanda
Hi, On Monday, 6 February 2017 12:16:12 UTC+1, ql.w...@163.com wrote: > > I have stopped input, the graylog should not receive all logs, BUT the > abnormal message can be received as before. > Please verify with Wireshark or tcpdump, that these messages are indeed being received by Graylog

Re: [graylog2] Re: OutOfMemoryError for Beats plugin

2017-02-06 Thread Jochen Schalanda
Hi Richard, depending on the number and size of messages, 512 MiB of heap memory might be too little for Graylog 2.1.x. Please assign at least 1 GiB of heap memory using the -Xms and -Xmx JVM parameters. On a side note, the OutOfMemoryError occurring in the code of the Beats plugin doesn't

[graylog2] Re: json array parsing issue with logstash

2017-02-06 Thread Jochen Schalanda
ssue. > > > On Monday, February 6, 2017 at 3:08:27 PM UTC+5:30, Jochen Schalanda wrote: >> >> Hi Akshay, >> >> you can use the Logstash split filter to split your message into >> individual events by splitting by the "data" field. >> >

[graylog2] Re: Graylog server always collect expired logs, these logs are generated long before , and now the switch has no such logs.

2017-02-06 Thread Jochen Schalanda
> But the normal messages shows received by netsyslog on 0de4fb00 / > Unknown,as shown in FIG: > > > <https://lh3.googleusercontent.com/-4pmWgp_vfz4/WJhM8w50ltI/AAk/J3VF__snTZs5jOwy8Z-GikbAtEE-rwwkACLcB/s1600/QQ%25E6%2588%25AA%25E5%259B%25BE20170206181912.png> > > > On 20

[graylog2] Re: Problem Graylog upgrade from 2.1.2 to 2.1.3 - API

2017-02-06 Thread Jochen Schalanda
Hi Yiannis, please make sure to clear your browser cache. On Monday, 6 February 2017 11:00:17 UTC+1, Yiannis wrote: > > Where can i find a list of compatible plugins with graylog 2.1.3 ? > To be quite frank, there is none. You'll have to check that for every plugin yourself (and maybe share

[graylog2] Re: Nodes with too long GC pauses

2017-02-06 Thread Jochen Schalanda
> > On Thursday, February 2, 2017 at 6:38:57 PM UTC+2, Jochen Schalanda wrote: >> >> Hi Nitzan, >> >> please post the configuration and logs of all Graylog nodes and a >> description of your hardware. >> >> Cheers, >> Jochen >>

[graylog2] Re: Field histogram query failed. Make sure that field [HTTP_CODE_V2] is a numeric type.

2017-02-06 Thread Jochen Schalanda
Hi Vojtech, how exactly did you configure Graylog to extract the data you want from these messages? Also make sure that there are no old messages in your query time range which have a non-numeric value in the relevant fields. Cheers, Jochen On Sunday, 5 February 2017 16:40:19 UTC+1, Vojtech

[graylog2] Re: json array parsing issue with logstash

2017-02-06 Thread Jochen Schalanda
Hi Akshay, you can use the Logstash split filter to split your message into individual events by splitting by the "data" field. See https://www.elastic.co/guide/en/logstash/current/plugins-filters-split.html for details. If you need more help with Logstash, please post to

[graylog2] Re: SysLog-udp traffic ignored from tomcat

2017-02-06 Thread Jochen Schalanda
Hi Alaa, On Sunday, 5 February 2017 17:50:04 UTC+1, alaa barqawi wrote: > > I added SYSLOG appender in *logback.xml * > Just FYI, there are also GELF appenders for Logback which can be used to send messages directly to Graylog: https://marketplace.graylog.org/addons?tag=logback > also if

[graylog2] Re: Graylog server always collect expired logs, these logs are generated long before , and now the switch has no such logs.

2017-02-06 Thread Jochen Schalanda
tch as before. As shown in FIG. > > > > On Saturday, 4 February 2017 at 6:07:06 PM UTC+8, Jochen Schalanda wrote: >> >> Hi, >> >> please elaborate on your problem. I'm not sure what you're trying to say. >> >> What did you expect to happen or retrieve? What did actua

[graylog2] Re: RDBMS plugin on marketplace

2017-02-06 Thread Jochen Schalanda
Hi Richard, from looking at the plugin source code, it seems like it was written for Graylog 1.3.x, so it's not given that it will work with Graylog 2.x. Have you considered opening a bug report at https://github.com/wizecore/graylog2-output-jdbc/issues? Cheers, Jochen On Monday, 6 February

[graylog2] Re: OutOfMemoryError for Beats plugin

2017-02-06 Thread Jochen Schalanda
Hi Richard, Which version of the Graylog Beats plugin are you using? Which version of Graylog are you using? What are the hardware specs of the machine(s) running Graylog? Cheers, Jochen On Monday, 6 February 2017 09:03:09 UTC+1, Richard S. Westmoreland wrote: > > I'm getting this error in my

[graylog2] Re: Monitoring Windows DHCP Server Activity

2017-02-04 Thread Jochen Schalanda
og\collector-sidecar\generated\winlogbeat.yml > - name: filebeat > enabled: false > binary_path: C:\Program Files\graylog\collector-sidecar\filebeat.exe > configuration_path: C:\Program > Files\graylog\collector-sidecar\generated\filebeat.yml > > >

[graylog2] Re: View Dashboard Data

2017-02-04 Thread Jochen Schalanda
Hi Sridhar, On Saturday, 4 February 2017 00:20:19 UTC+1, Sridhar wrote: > > My question is if i click on a bar in histogram, will that show me there > in some pop-up or any other way what are the logging messages associated > with that bar? > No. Cheers, Jochen

Re: [graylog2] Graylog build and package

2017-02-04 Thread Jochen Schalanda
Hi Rayees, the Graylog OS packages (DEB and RPM) are built from this repository: https://github.com/Graylog2/fpm-recipes/ Cheers, Jochen On Friday, 3 February 2017 20:46:26 UTC+1, Rayees Namathponnan wrote: > > I tried to create rpm with > mvn rpm:rpm -X build it failed with below > error >

[graylog2] Re: Problem Graylog upgrade from 2.1.2 to 2.1.3 - API

2017-02-03 Thread Jochen Schalanda
Hi César, make sure to use only plugins in a compatible version. For example the Threat Intelligence Plugin for Graylog is currently not compatible with Graylog 2.1.3. Cheers, Jochen On Friday, 3 February 2017 18:08:43 UTC+1, CESAR Fabre wrote: > > Hi, > > I'm trying the upgrade from 2.1.2 to

[graylog2] Re: Quick Values not working

2017-02-03 Thread Jochen Schalanda
Hi Steve, On Friday, 3 February 2017 18:05:26 UTC+1, Steve Kuntz wrote: > > There is an error in the graylog.log > > WARN [SearchResource] Unable to execute search: [reduce] > Is there more context around that warning message? Cheers, Jochen

[graylog2] Re: Quick Values not working

2017-02-03 Thread Jochen Schalanda
Hi Steve, the "quick values" functionality only works if the field is numeric in all messages of the queried time range. If there are some non-numeric values for that message field within the queried time range, you'll receive the error message you've already mentioned. Cheers, Jochen On

[graylog2] Re: Indices and edit Extractor page timing out

2017-02-03 Thread Jochen Schalanda
Hi Steve, On Friday, 3 February 2017 16:03:04 UTC+1, Steve Kuntz wrote: > > Thanks, I guess I'll wait until 2.2. I need 2 weeks of archive and my > settings are keeping about 2100 indices @20,000,000 messages per index, > which is about 2 weeks for me. > Have you thought about using a

[graylog2] Re: Custom GrayLog Web Plugin Error "Cannot read property 'call' of undefined"

2017-02-03 Thread Jochen Schalanda
Hi Bill, On Friday, 3 February 2017 13:00:19 UTC+1, Bill Murrin wrote: > > Any assistance you can provide would be appreciated. Here is a link to the > plugin to see if you guys might be able to help me figure out what is > causing it. Once we figure this out, I plan on sharing the plugin on

[graylog2] Re: Monitoring Windows DHCP Server Activity

2017-02-03 Thread Jochen Schalanda
Hi Rob, How did you configure Graylog? Which inputs did you create and how did you configure them? How did you configure the Graylog Collector Sidecar and what's the generated nxlog configuration? Cheers, Jochen On Thursday, 2 February 2017 23:30:20 UTC+1, Rob Repp wrote: > > I set up a

[graylog2] Re: Indices and edit Extractor page timing out

2017-02-03 Thread Jochen Schalanda
Hi Steve, the issue with the extractor page might have been fixed in Graylog 2.2.0, see https://github.com/Graylog2/graylog2-server/issues/3366 for the related GitHub issue. Cheers, Jochen On Thursday, 2 February 2017 21:56:32 UTC+1, Steve Kuntz wrote: > > Hi > > This is still a big issue for

[graylog2] Re: Indices and edit Extractor page timing out

2017-02-03 Thread Jochen Schalanda
Hi Steve, I haven't seen that behavior personally, but I wouldn't rule out that it can happen with a large number of indices. Please think about reducing the number of open indices in your system, either by closing them (System / Indices page) or by archiving them, for example with the

[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-03 Thread Jochen Schalanda
Hi Giwenn, On Friday, 3 February 2017 10:04:51 UTC+1, Giwenn Launay wrote: > > It's good? > As long as you're using serv-XXX-log-2.XXX.XXX.com in your rest_transport_uri setting, it should be fine. Cheers, Jochen -- You received this message because you are subscribed to the Google Groups

[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

2017-02-03 Thread Jochen Schalanda
Hello Jochen, > > But the problem of disk space is from yesterday because of a vmware datastore > problem that is already solved. But I want to solve the alert "NO MASTER > fixed" that appears till the first day... > > Thanks > > On Thursday, 2 February 2017, 15:22:

[graylog2] Re: Unable to connect elastic search

2017-02-03 Thread Jochen Schalanda
Hi Sridhar, 127.0.0.1 is the loopback address, which means that it's only accessible from the very same machine. If you're trying to create an Elasticsearch cluster, you have to use a public IP address of all affected nodes. See

[graylog2] Re: Source Name is not displayed.

2017-02-02 Thread Jochen Schalanda
Hi Sridhar, Which GELF appender are you using? Did you configure a GELF UDP or a GELF TCP input in Graylog? How did you configure these inputs? Did you check your firewall rules to allow access on port 12201/tcp or 12201/udp? Cheers, Jochen On Thursday, 2 February 2017 16:21:08 UTC+1, Sridhar

[graylog2] Re: Nodes with too long GC pauses

2017-02-02 Thread Jochen Schalanda
Hi Nitzan, please post the configuration and logs of all Graylog nodes and a description of your hardware. Cheers, Jochen On Thursday, 2 February 2017 17:18:12 UTC+1, Nitzan Haimovich wrote: > > Hi all, > > I'm getting this message (*Nodes with too long GC pauses*) on my Graylog > cluster. I

[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-02 Thread Jochen Schalanda
Hi Giwenn, what are the attributes of your self-signed certificate, especially the CommonName (CN) and optionally the AltSubjName? In your first message, it looks like it was CN=10.22.5.24:9000, which is wrong (it has to be the host name of the Graylog node, i.e. CN=10.22.5.24 or

[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

2017-02-02 Thread Jochen Schalanda
Hi Aitor, these logs clearly show that your Elasticsearch cluster is not healthy: It ran out of disk space multiple times and it can't keep up with indexing messages sent by Graylog (full task queues etc.). You'll have to provide more hardware (esp. more memory, at least 4 GiB) to your

Re: [graylog2] Re: Error on start

2017-02-02 Thread Jochen Schalanda
Hi Tzvi, On Thursday, 2 February 2017 15:14:46 UTC+1, Tzvi Moshe Arnstein wrote: > > However I'm getting an error in the browser now: > https://gyazo.com/2398b5bd57aa1e860192ec445ae04ee6 the IP there is the > internal IP > Try setting web_endpoint_uri to http://104.196.203.4:9000/api/. This is

Re: [graylog2] Re: Error on start

2017-02-02 Thread Jochen Schalanda
Hi Tzvi, On Thursday, 2 February 2017 14:40:13 UTC+1, Tzvi Moshe Arnstein wrote: > > I'm not sure what you mean? This is the instance running graylog and this > is the assigned IP, unless I have to do additional configuration to make > this IP work? > The IP addresses set up on the machine are

[graylog2] Re: You are running an outdated Graylog version even after upgrade from 2.1.x to 2.1.3

2017-02-02 Thread Jochen Schalanda
> Yes I know it, but it's coming back. :) > Pretty annoying when all is "green" and OK. > > > On Wednesday, February 1, 2017 at 5:42:54 PM UTC+2, Jochen Schalanda wrote: >> >> Hi Sinai, >> >> you can close/delete that notification by clicking on th

Re: [graylog2] Re: Error on start

2017-02-02 Thread Jochen Schalanda
Hi Tzvi, you have to use an IP address or hostname in rest_listen_uri and web_listen_uri, which has been set up *on the machine* running Graylog. Cheers, Jochen On Thursday, 2 February 2017 14:19:05 UTC+1, Tzvi Moshe Arnstein wrote: > > Hi, > That's the IP assigned to the instance in GCP > When I

[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

2017-02-02 Thread Jochen Schalanda
Hi Aitor, On Thursday, 2 February 2017 14:06:55 UTC+1, Aitor Mendoza wrote: > > *For example: (/var/log/graylog/elasticsearch/graylog.log)* > Please post the *complete* logs of your Graylog and Elasticsearch nodes as text (for example as an attachment to this discussion). Did you run out of
