[graylog2] Re: What is the setup in the supplied graylog OVA

2017-01-16 Thread Jochen Schalanda
Hi, please refer to http://docs.graylog.org/en/2.1/pages/installation/virtual_machine_appliances.html and http://docs.graylog.org/en/2.1/pages/configuration/graylog_ctl.html for details about the virtual machine images. Cheers, Jochen On Monday, 16 January 2017 11:11:30 UTC+1, Hyder wrote:

[graylog2] Re: Can't open web console on host IP

2017-01-16 Thread Jochen Schalanda
Hi, how did you configure Graylog? By default, the Graylog REST API and the web interface will only bind to localhost (127.0.0.1). Cheers, Jochen On Sunday, 15 January 2017 02:31:40 UTC+1, JayJay wrote: > > Hi, > I just installed latest on CentOS7, and can open the web console on > 127.0.0.1:9000,

[graylog2] Re: collector sidecar - Can't fetch configuration from Graylog API

2017-01-16 Thread Jochen Schalanda
Hi Scott, without knowing your Graylog configuration, the URI http://:12900/api/ looks wrong. It should probably be either http://:12900/ or http://:9000/api/, depending on your Graylog configuration. Cheers, Jochen On Sunday, 15 January 2017 16:42:38 UTC+1, Scott LeFevre wrote: > > I've setu

[graylog2] Re: mongodb_uri doesn't like multiple server urls?

2017-01-16 Thread Jochen Schalanda
Hi Jason, please stick to the format explained in http://docs.graylog.org/en/2.1/pages/configuration/multinode_setup.html#graylog-to-mongodb-connection and https://github.com/Graylog2/graylog2-server/blob/2.1.2/misc/graylog.conf#L434-L442 for the mongodb_uri setting. Also see the error mes

[graylog2] Re: hostname missing in logs received from syslog-ng

2017-01-14 Thread Jochen Schalanda
Hi Li, Graylog is parsing syslog messages according to the syslog protocol standard(s), so it will not repeat the date and the hostname on the start of each syslog message but fill the "timestamp" and "source" message fields accordingly. Also see https://github.com/Graylog2/graylog-guide-sys

[graylog2] Re: java.net.ConnectException: Connection refused: /:9300

2017-01-14 Thread Jochen Schalanda
Hi Pavan, make sure that Graylog is able to connect to your Elasticsearch cluster and that the published IP address of your Elasticsearch node(s) is correct. See http://docs.graylog.org/en/2.1/pages/configuration/elasticsearch.html#configuration for some hints. Cheers, Jochen On Saturday,

[graylog2] Re: Simple pipeline creation issues

2017-01-13 Thread Jochen Schalanda
Hi Eugene, On Friday, 13 January 2017 17:39:50 UTC+1, Evgueni Gordienko wrote: > > I did manual message loading and applying the rule and it works as > intended. > No clue how to debug. > I generate a message with create_message("metric:123"). > Is the "metric" field also there if you search for t

[graylog2] Re: Incomplete write in php gelf library

2017-01-13 Thread Jochen Schalanda
Hi, On Friday, 13 January 2017 12:50:53 UTC+1, Алексей Лашнев wrote: > > I have already done it. https://github.com/bzikarsky/gelf-php/issues/78 - > but there is no reply yet. So I don't know what the problem is there? In > graylog or in the library... > Since the error message originates from th

Re: [graylog2] Re: Separate Data from streams in different elastic nodes

2017-01-13 Thread Jochen Schalanda
Hi Richard, On Friday, 13 January 2017 12:40:31 UTC+1, Richard S. Westmoreland wrote: > > Wow! That is going to be an awesome feature in so many different ways. > What kind of timeline do you have for this next release? > We're already in beta phase and will probably publish a release candidat

[graylog2] Re: Can I change dashboard source from input to stream?

2017-01-13 Thread Jochen Schalanda
Hi Joan, On Friday, 13 January 2017 12:33:35 UTC+1, Joan wrote: > > I've seen that some people are exporting as a content pack and editing the > json, but is this the simplest way to achieve it? > Yes, that's currently the easiest way. Alternatively you can edit the dashboard definition in Mong

[graylog2] Re: Splunk output plugin error

2017-01-13 Thread Jochen Schalanda
Hi Frank, On Friday, 13 January 2017 14:49:56 UTC+1, Frank wrote: > > There is a grok filter %{SYSLOGBASE2} (from the default logstash grok > patterns) which should format the timestamp correctly. > Did you make sure that the "timestamp" field is an actual timestamp and not a string after using

[graylog2] Re: Separate Data from streams in different elastic nodes

2017-01-13 Thread Jochen Schalanda
Hi Till, On Friday, 13 January 2017 10:29:45 UTC+1, Till Brinkmann wrote: > > So can anyone give us a hint how we can delete the AD logs by day > or > separate them in another database store on disk. > This will be possible in Graylog 2.2.0 with index sets. Cheers, Jochen -- You re

[graylog2] Re: Simple pipeline creation issues

2017-01-13 Thread Jochen Schalanda
Hi Evgueni, do the messages in Graylog, which have been processed by that rule, contain the "metric" message field? Cheers, Jochen On Friday, 13 January 2017 03:10:42 UTC+1, Evgueni Gordienko wrote: > > Hi All, > > Need some help with creating simple test pipeline. > I created pipeline Test and

[graylog2] Re: Splunk output plugin error

2017-01-12 Thread Jochen Schalanda
On Thursday, January 12, 2017 at 2:21:40 PM UTC+1, Jochen Schalanda wrote: >> >> Hi Frank, >> >> it looks like the "timestamp" message field in one (or more) of your >> messages has the wrong type (String as opposed to being an actual >> timestamp).

[graylog2] Re: Incomplete write in php gelf library

2017-01-12 Thread Jochen Schalanda
Hi, make sure that you're using the latest version of the gelf-php library from https://github.com/bzikarsky/gelf-php. If the problem still occurs, please create a bug report at https://github.com/bzikarsky/gelf-php/issues/. Cheers, Jochen On Thursday, 12 January 2017 10:35:09 UTC+1, Алексей Л

[graylog2] Re: Split message without drools

2017-01-12 Thread Jochen Schalanda
Hi Evgueni, On Wednesday, 11 January 2017 19:05:29 UTC+1, Evgueni Gordienko wrote: > > Thanks for update - when is 2.2 release due? > The first release candidate will probably be released next week. This is my use case(s): > I have a record of format > > [TimeStamp] cpu_percent= > This look

[graylog2] Re: Graylog doesn't process anymore.

2017-01-12 Thread Jochen Schalanda
Hi Leonardo, unfortunately the disk journal can get corrupted if the disk fills up, so you'll have to delete the disk journal (and the messages it contains). See http://docs.graylog.org/en/2.1/pages/configuration/file_location.html for the specific file location. Cheers, Jochen On Wednesday,

[graylog2] Re: Splunk output plugin error

2017-01-12 Thread Jochen Schalanda
Hi Frank, it looks like the "timestamp" message field in one (or more) of your messages has the wrong type (String as opposed to being an actual timestamp). This *shouldn't* happen, but maybe rotating indices (System / Indices / Maintenance) will help. Cheers, Jochen On Thursday, 12 January

[graylog2] Re: Installing Graylog on Ubuntu

2017-01-11 Thread Jochen Schalanda
Hi, your MongoDB server isn't running or isn't accessible for Graylog. Cheers, Jochen On Wednesday, 11 January 2017 12:06:47 UTC+1, Hyder wrote: > > Hello, > > So I have followed the instructions on this link > which > is all d

[graylog2] Re: NGINX Proxy reports "upstream response is buffered to a temporary file" errors when accessing Graylog

2017-01-11 Thread Jochen Schalanda
Hi Jan, the warning message simply means that the response is larger than the internal nginx buffer to store upstream responses. You can configure this buffer in your nginx configuration with the client_body_buffer_size

[graylog2] Re: Split message without drools

2017-01-11 Thread Jochen Schalanda
Hi Evgueni, On Wednesday, 11 January 2017 01:01:57 UTC+1, Evgueni Gordienko wrote: > > I use 2.1.2 GL and need to split message by spaces and then split second > item in result by '='. > I can not find split in my release of GL. > The split() function was only added to Graylog 2.2.0: https://git

[graylog2] Re: Filebeats collector only one output or multiple extractors on the same input

2017-01-11 Thread Jochen Schalanda
Hi Bryan, each message from Filebeats includes the name of the file it was read from (in the "file" message field), so you could simply create extractors or pipeline rules to handle these differently. If you want to run multiple Filebeats instances, that's also possible but the Graylog Collect

[graylog2] Re: Adding Graylog node

2017-01-11 Thread Jochen Schalanda
Hi Matt, please refer to the Graylog documentation about multi-node setups: http://docs.graylog.org/en/2.1/pages/configuration/multinode_setup.html Cheers, Jochen On Tuesday, 10 January 2017 20:59:45 UTC+1, Matt Antil wrote: > > I'm stuck. I have deployed a cluster with 1 Graylog node + 2 >

[graylog2] Re: Using custom fields in drool rules

2017-01-10 Thread Jochen Schalanda
Hi Anant, On Tuesday, 10 January 2017 15:52:05 UTC+1, Anant Sawant wrote: > > Q1. Is it possible to use custom fields in Drools rules? > Q2. If possible, where can I find the docs which tell how to do it? > Yes, you can use custom fields in Drools rules, but you have to use the getField() metho

[graylog2] Re: How do I set stopwords in server.conf

2017-01-10 Thread Jochen Schalanda
Hi, On Tuesday, 10 January 2017 14:39:35 UTC+1, Zhiyuan Lei wrote: > > Then I generate a new index, it doesn't take effect. > As described in the documentation, you cannot overwrite or modify the Graylog index template but have to create a new index template with a higher priority ("order"). I

[graylog2] Re: How do I set stopwords in server.conf

2017-01-10 Thread Jochen Schalanda
Hi, On Tuesday, 10 January 2017 09:56:55 UTC+1, Zhiyuan Lei wrote: > > but graylog doesn't have an option to set the pattern. It only can set > elasticsearch_analyzer. > Correct, but you can use custom index templates for this, see http://docs.graylog.org/en/2.1/pages/configuration/elasticsear

[graylog2] Re: Ideal multi-node VM setup on AWS

2017-01-10 Thread Jochen Schalanda
Hi Wells, On Tuesday, 10 January 2017 01:06:52 UTC+1, we...@littlstar.com wrote: > > First, I'm wondering how the extra MongoDB instance works with the > graylog-ctl script. In the documentation, it only specifies how to set up a > data node or a server node, not a MongoDB-only node. Should I j

[graylog2] Re: How do I set stopwords in server.conf

2017-01-10 Thread Jochen Schalanda
Hi, you could probably use the pattern analyzer to split the message terms but that would of course impact all ingested messages, not just the ones you've mentioned as an example. If these fields have

Re: [graylog2] Re: Index rotation problem - "config not found"

2017-01-09 Thread Jochen Schalanda
Hi Wells, On Monday, 9 January 2017 20:10:54 UTC+1, Wells Johnston wrote: > > I noticed that mistake and I thought I deleted that post! How are you > still able to see it? > Each post on this Google Group is automatically sent out to the (email) subscribers, see https://www.mail-archive.com/gra

[graylog2] Re: Index rotation problem - "config not found"

2017-01-09 Thread Jochen Schalanda
/blog/post/how-to-avoid-a-malicious-attack-that-ransoms-your-data to understand the issue at hand. Cheers, Jochen On Monday, 9 January 2017 19:15:17 UTC+1, Jochen Schalanda wrote: > > Hi Wells, > > what's the content of the cluster_config collection in MongoDB and > specifi

[graylog2] Re: Index rotation problem - "config not found"

2017-01-09 Thread Jochen Schalanda
Hi Wells, what's the content of the cluster_config collection in MongoDB and specifically the document with "type" == "org.graylog2.indexer.management.IndexManagementConfig"? Example: $ mongo graylog MongoDB shell version v3.4.0 connecting to: mongodb://127.0.0.1:27017/graylog MongoDB server v

[graylog2] Re: API token different response

2017-01-09 Thread Jochen Schalanda
Hi Norbert, On Monday, 9 January 2017 13:07:55 UTC+1, Norbert Kiss wrote: > > Unfortunately based on our security policy I can't share more than that I did > it before, but now I show the full process. > In that case I can only tell you that the whole access token functionality works for me™. As a

[graylog2] Re: API token different response

2017-01-09 Thread Jochen Schalanda
Hi Norbert, see http://docs.graylog.org/en/2.1/pages/configuration/rest_api.html#creating-and-using-access-token for instructions about using access tokens with the Graylog REST API. If, after reading the documentation carefully, you're still unable to make the access token work, please post

[graylog2] Re: mongodb down and settings lost

2017-01-09 Thread Jochen Schalanda
Hi Sven, On Monday, 9 January 2017 11:23:01 UTC+1, Sven Lieckfeldt wrote: > > Any help would be appreciated to get my config back and running. > Many settings in MongoDB from Graylog 1.3.x are compatible with Graylog 2.x or will automatically be migrated. Unless you have success recovering the

[graylog2] Re: Graylog 2.1 SSO Plugin with Shibboleth

2017-01-09 Thread Jochen Schalanda
Hi Florent, On Monday, 9 January 2017 11:24:21 UTC+1, Florent Delvaille wrote: > > Anybody has any news about this problematic? > You can subscribe to https://github.com/Graylog2/graylog-plugin-auth-sso/issues/17 to stay up-to-date about the progress on this issue. Cheers, Jochen

[graylog2] Re: unable to receive syslog/tls from Cisco devices

2017-01-09 Thread Jochen Schalanda
Hi Jason, if you're using TLS client certificates (and client certificate verification), you either have to add the CA certificate or all the client certificates to the JVM's trust store, see http://docs.graylog.org/en/2.1/pages/configuration/https.html#adding-a-self-signed-certificate-to-the-

[graylog2] Re: Force use of IP address

2017-01-09 Thread Jochen Schalanda
Hi, On Monday, 9 January 2017 00:45:33 UTC+1, lsch...@palatine.il.us wrote: > > I tried to specify the rest and web listening address, but no change. > How exactly did you do this? And how did you configure the OVA in general? Cheers, Jochen

Re: [graylog2] Re: Very low message throughput after upgrading from GL 1.3.4/ES 1.7.1 to GL2.1.1/ES 2.3.5 + Error messages

2017-01-08 Thread Jochen Schalanda
Hi Bob, On Friday, 6 January 2017 16:27:36 UTC+1, Bob wrote: > > Do you recommend high volume nodes be physical? > Yes. Cheers, Jochen

[graylog2] Re: Force use of IP address

2017-01-08 Thread Jochen Schalanda
Hi, how exactly did you install Graylog? How exactly did you configure Graylog? And finally, which exact version of Graylog are you running? Cheers, Jochen On Friday, 6 January 2017 23:05:04 UTC+1, lsch...@palatine.il.us wrote: > > The machine I am setting up for a graylog server has two interf

[graylog2] Re: winlogbeats and graylog

2017-01-08 Thread Jochen Schalanda
Hi Jiří, On Friday, 6 January 2017 22:44:47 UTC+1, Jiří Kolb wrote: > > I would like to capture logs from windows. I installed winlogbeats and > configured beats input on graylog. I can see that connection is > established, but I receive no answer. I used wireshark and curl to debug > this, bu

[graylog2] Re: amqp input vs zeromq plugin

2017-01-08 Thread Jochen Schalanda
Hi Richard, AMQP (AMQP 0.9.1 as supported by RabbitMQ ) and ZeroMQ are completely different protocols. They are not compatible in any way. Cheers, Jochen On Satu

[graylog2] Re: graylog REST: All messages from stream or from specific server

2017-01-06 Thread Jochen Schalanda
Hi Till, On Friday, 6 January 2017 11:43:32 UTC+1, Till Brinkmann wrote: > > But I do not understand how to get all messages in a certain time range > from the stream. > > Is that possible via the REST ? > Yes, that's possible. Simply use the /search/universal/absolute resource in the Graylog

[graylog2] Re: Graylog log sources

2017-01-06 Thread Jochen Schalanda
Hi Jiří, On Friday, 6 January 2017 08:50:47 UTC+1, Jiří Kolb wrote: > > How to capture logs that are stored on database systems? Is there any > collector for it? > This completely depends on the database you're using. Logstash's JDBC input might be a good start: https://www.elastic.co/guide/e

Re: [graylog2] Graylog stopped working

2017-01-06 Thread Jochen Schalanda
Hi, On Friday, 6 January 2017 05:00:52 UTC+1, cyph...@gmail.com wrote: > > One last question, how can I prevent running out of space. > The simple (and correct) answer is: Monitor your disk space usage and send a notification if you start running out of disk space. Also see http://docs.graylo

[graylog2] Re: Multi tenancy

2017-01-06 Thread Jochen Schalanda
Hi Jiří, Graylog itself doesn't support multitenancy, but it's fairly easy to automatically set up a Graylog cluster using the official Chef/Puppet/Ansible modules or the virtual machine image (OVA). But maybe the streams functionality of Graylog is already sufficient for your use cases: http:

[graylog2] Re: Graylog - Linux Clients Timezone

2017-01-05 Thread Jochen Schalanda
Hi Leonardo, On Thursday, 5 January 2017 16:21:38 UTC+1, Leonardo D'Angelo Gonçalves wrote: > > How to work around this problem > Make sure that all timestamps in your syslog messages include a timezone. See https://github.com/Graylog2/graylog-guide-syslog-linux#readme for details about the confi

[graylog2] Re: Graylog Docker container and SMTP configuration

2017-01-05 Thread Jochen Schalanda
Hi, your issue sounds a lot like https://github.com/Graylog2/graylog2-server/issues/1512 which will be resolved in Graylog 2.2.0. Cheers, Jochen On Thursday, 5 January 2017 14:03:21 UTC+1, Donal wrote: > > Hi, > > I'm running Graylog using docker and run all 3 containers for Graylog > (Graylo

[graylog2] Re: Very low message throughput after upgrading from GL 1.3.4/ES 1.7.1 to GL2.1.1/ES 2.3.5 + Error messages

2017-01-05 Thread Jochen Schalanda
Hi Jerri, On Thursday, 5 January 2017 14:34:08 UTC+1, Jerri Son wrote: > > of that I am aware, alas, a SAN usually provides storage for a virtual > infrastructure and as such acts as a "local" drive :) > The disk journal implementation makes heavy use of the disk (write-through) cache to retain

Re: [graylog2] Graylog stopped working

2017-01-05 Thread Jochen Schalanda
Hi, On Thursday, 5 January 2017 13:10:57 UTC+1, cyph...@gmail.com wrote: > > May I delete the disk journal now and how? > You can simply empty the journal directory while Graylog is not running, see http://docs.graylog.org/en/2.1/pages/configuration/file_location.html for the specific path for

[graylog2] Re: Graylog - Linux Clients Timezone

2017-01-05 Thread Jochen Schalanda
Hi Leonardo, try running a search "in the future", i.e. use an absolute time range and select a time in the future (more than 2 hours) as end of the time range. If you see your messages, it's a simple problem with the timezones of the message timestamps (i.e. it's probably missing from the sy

[graylog2] Re: Email alert Graylog 2.1 error !!!

2017-01-05 Thread Jochen Schalanda
Hi, On Thursday, 5 January 2017 14:20:53 UTC+1, Dinh Manh wrote: > > Hi Jochen. I checked my certificate in /etc/ssl/certs/java/cacerts. It is > empty ! :( Do you have any suggestion? I don't understand well how to > configure Java in Graylog :( > Simply install the ca-certificates-java <

[graylog2] Re: Email alert Graylog 2.1 error !!!

2017-01-05 Thread Jochen Schalanda
:03 UTC+1, Jochen Schalanda wrote: > > Hi, > > which exact version of Java are you using and which JRE? > > Cheers, > Jochen > > On Thursday, 5 January 2017 12:47:53 UTC+1, Dinh Manh wrote: >> >> Hello, i am using Graylog 2.1 and i can't send email

[graylog2] Re: Email alert Graylog 2.1 error !!!

2017-01-05 Thread Jochen Schalanda
Hi, which exact version of Java are you using and which JRE? Cheers, Jochen On Thursday, 5 January 2017 12:47:53 UTC+1, Dinh Manh wrote: > > Hello, I am using Graylog 2.1 and I can't send email alerts (even test > mail). > Firstly, I configure postfix mail to send a test email, everything seem

[graylog2] Re: Added BRO IDS Logs content pack on the marketplace

2017-01-05 Thread Jochen Schalanda
Hi, On Thursday, 5 January 2017 12:54:41 UTC+1, SawWinn Naung wrote: > > Can't import in Graylog v2.1.2 > If you provided some information about the problem or even created a ticket in the corresponding GitHub repository at https://github.com/alias454/graylog-bro-content-pack/issues, people mi

Re: [graylog2] problems connecting to the Graylog server with OVA

2017-01-05 Thread Jochen Schalanda
Hi, Port 443 is not up and running. > If you didn't configure the OVA to use HTTPS, it will only start an HTTP listener. Generally, please post the output of the sudo graylog-ctl reconfigure command. Cheers, Jochen

[graylog2] Re: Postfix

2017-01-04 Thread Jochen Schalanda
Hi Janis, you could use simple syslog to send these messages to Graylog: https://github.com/Graylog2/graylog-guide-syslog-linux/blob/master/README.md Cheers, Jochen On Wednesday, 4 January 2017 12:09:35 UTC+1, Janis Apsitis wrote: > > Hi folks > > > I am new in Graylog and looking for smal

[graylog2] Re: Slow web interface and overly large JS files

2017-01-04 Thread Jochen Schalanda
Hi Richard, On Wednesday, 4 January 2017 04:43:27 UTC+1, Richard S. Westmoreland wrote: > > Also is this the best place to post this? Or is there a dev/eng specific > forum I can put these kinds of requests on? > You can file bug reports and feature requests as issues on GitHub at https://gith

[graylog2] Re: Feature Request: JS client only calls Web URI

2017-01-04 Thread Jochen Schalanda
Hi Richard, the Graylog web interface (in version 2.x) has been designed to be a single-page application (SPA) which, once it has been loaded by the user's web browser, will only communicate with the Graylog REST API. You can override the default URI the web interface is using with the web_end

[graylog2] Re: Chatty ajax

2017-01-04 Thread Jochen Schalanda
Hi Richard, On Wednesday, 4 January 2017 07:53:43 UTC+1, Richard S. Westmoreland wrote: > > Is there any way to change the ajax request time from 1s to something like > 5s? I looked around the documentation and configuration but couldn't find > any options for setting this. > There's currently

Re: [graylog2] Re: 30% CPU usage

2017-01-03 Thread Jochen Schalanda
Hi Stefano, On Tuesday, 3 January 2017 14:15:23 UTC+1, Stefano Tranquillini wrote: > > any idea? it keeps replicating the behaviour and I don't get why. > What does "pretty much the same load and configuration" mean exactly? What do the logs of both Graylog nodes say? Cheers, Jochen

[graylog2] Re: Very low message throughput after upgrading from GL 1.3.4/ES 1.7.1 to GL2.1.1/ES 2.3.5 + Error messages

2017-01-03 Thread Jochen Schalanda
Hi Jerri, the Graylog disk journal should *always* run locally and *never* be placed on a "remote" disk (like a SAN or any other network storage). You can change the journal directory with the message_journal_dir

[graylog2] Re: Timestamps in message received do not match

2016-12-30 Thread Jochen Schalanda
Hi Amilcar, the two timestamps denote the same date and time but using a different timezone (the one in the message details being UTC). See https://github.com/Graylog2/graylog2-server/issues/2689 for a related issue on GitHub. Cheers, Jochen On Friday, 30 December 2016 23:14:26 UTC+1, Amilcar

[graylog2] Re: Formatter support for gelf-rb

2016-12-30 Thread Jochen Schalanda
Hi Francisco, On Friday, 30 December 2016 16:50:01 UTC+1, francis...@applift.com wrote: > > I'd like to know if I should open a pull request for that. This fixes this > issue: https://github.com/Graylog2/gelf-rb/issues/51 > Yes, please open a PR for your changes. Thanks for your contribution! C

[graylog2] Re: how can i create a search for 50 or more IP addresses?

2016-12-30 Thread Jochen Schalanda
Hi, On Friday, 30 December 2016 14:42:59 UTC+1, brycan wrote: > > do i have to create the search with each one having an "or"? > Yes, that's currently the only way (except for "hacks" like using wildcards in your search queries, see http://docs.graylog.org/en/2.1/pages/queries.html#search-query

[graylog2] Re: does sidecar support other beats or only logbeat and filebeat?

2016-12-30 Thread Jochen Schalanda
Hi Mike, the Graylog Collector Sidecar currently only supports nxlog, Filebeat and Winlogbeat. You can create a feature request at https://github.com/Graylog2/collector-sidecar/issues for your favorite beats or, even better, provide pull requests implementing the missing functionality. Cheers

Re: [graylog2] Graylog stopped working

2016-12-30 Thread Jochen Schalanda
Hi, you first have to fix the cluster health state of your Elasticsearch cluster before you should even think about deleting the Graylog disk journal. Check the Elasticsearch logs for corresponding hints: http://docs.graylog.org/en/2.1/pages/configuration/file_location.html#omnibus-package C

[graylog2] Re: How can i query by String When this String in the middle of a message?

2016-12-30 Thread Jochen Schalanda
Hi, you have to use wildcards in your search query to indicate that the string is part of a larger string, i.e. "a539d095b00443cabfcca53c74a65d9e*". You might have to enable the allow_leading_wildcard_searches

[graylog2] Re: system/nodes only showing one graylog server

2016-12-29 Thread Jochen Schalanda
Hi Jeremy, On Thursday, 29 December 2016 12:14:01 UTC+1, Jeremy Monnet wrote: > > I have found in the setup > /opt/graylog/conf/graylog.conf:266:mongodb_uri = > mongodb://IP2323:27017/graylog > on nodes 2 and 3, is that enough ? > The Graylog configuration file will be overwritten when you run

[graylog2] Re: can not connect to Web interface

2016-12-29 Thread Jochen Schalanda
Hello Hui, the cluster.name setting in your Elasticsearch configuration looks strange. Make sure that elasticsearch_cluster_name (in Graylog's configuration file) and cluster.name (in Elasticsearch's configuration file) are identical. You also configured Graylog to bind the web interface and th

[graylog2] Re: system/nodes only showing one graylog server

2016-12-29 Thread Jochen Schalanda
Hi Jeremy, multi-node setups with the OVA are described at http://docs.graylog.org/en/2.1/pages/configuration/graylog_ctl.html#multi-vm-setup . All Graylog nodes have to have access to the same MongoDB database in order for the cluster to work. Cheers, Jochen On Thursday, 29 December 2016 10:49:

[graylog2] Re: !!! Please Help, service port 9000 cannot start

2016-12-28 Thread Jochen Schalanda
Hi, please check the logs of Graylog and the related services in the virtual machine for error messages. See http://docs.graylog.org/en/2.1/pages/configuration/file_location.html#omnibus-package for a list of default file locations in the OVA. Cheers, Jochen On Tuesday, 27 December 2016 11:

[graylog2] Re: Creating multiple dashboards for multiple servers' logs

2016-12-28 Thread Jochen Schalanda
Hi Harsh, you could probably use content packs for this, see the *System / Content packs* page in your Graylog web interface. Cheers, Jochen On Monday, 26 December 2016 08:09:55 UTC+1, Harsh Choudhary wrote: > > Hi > > I have a lot of servers in a cluster and I want to collect logs from all >

[graylog2] Re: 30% CPU usage

2016-12-28 Thread Jochen Schalanda
Hi Stefano, you could take a look at the thread dump of that Graylog instance via the /system/threaddump resource of the Graylog REST API or attach a profiler like VisualVM to the Java process. Cheers, Jochen On Wednesday, 28 December 2016 12:33:21 UTC+1, Stefano

[graylog2] Re: Alerts based on schedule

2016-12-22 Thread Jochen Schalanda
Hi Brandon, I'd recommend outsourcing more complex alerting logic to dedicated services like PagerDuty or OpsGenie. See https://marketplace.graylog.org/addons?tag=alarm for available integrations on the Graylog Marketplace. Cheers, Jochen On Thursday, 22 December 2016 02:32:34 UTC+1, BKeep wr

[graylog2] Re: graylog - filebeat logging

2016-12-22 Thread Jochen Schalanda
Hi, On Thursday, 22 December 2016 11:33:06 UTC+1, mytempledarkstar wrote: > > Do you have any advice to stop collecting lines when the end of the > SQL appears? I have to catch everything after the timestamp and stop collecting after > the SQL finishes. After the SQL anything can appear. > If you have any access

[graylog2] Re: Cors, preflight Options 405 - Method not allowed

2016-12-22 Thread Jochen Schalanda
Hi Hesyar, as already explained on IRC, the GELF HTTP input currently doesn't support HTTP OPTIONS requests. This will (most likely) be fixed in Graylog 2.2.0: https://github.com/Graylog2/graylog2-server/pull/3234 Cheers, Jochen On Thursday, 22 December 2016 11:38:52 UTC+1, Hesyar Uzuner wrot

[graylog2] Re: graylog - filebeat logging

2016-12-22 Thread Jochen Schalanda
Hi, I'd recommend matching the timestamp as start of the log entry, e.g. "2016-12-05 14:07:45,399" would be matched by "\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{1,3}". See https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html for some examples. Cheers, Jochen On Thur

[graylog2] Re: Setting up retention of logs at 6 months with Graylog2 OVA install

2016-12-22 Thread Jochen Schalanda
Hi Dustin, On Thursday, 22 December 2016 05:21:20 UTC+1, Dustin O'Bier wrote: > > Hoping for some guidance with setting up our graylog2 server retention > policy. Right now it is not deleting logs; I would like to save 6 months of > logs and delete the rest. Please help. > You can configure this

[graylog2] Re: Querying and aggregating (group by)

2016-12-20 Thread Jochen Schalanda
Hi David, On Tuesday, 20 December 2016 15:51:50 UTC+1, David Coleman wrote: > > How can I query in graylog and aggregate the results - > That's currently not possible. The closest thing would be using "Quick Values" on a message field, although that's no aggregation. Cheers, Jochen

[graylog2] Re: Remove persistent setting

2016-12-20 Thread Jochen Schalanda
Hi Steve, this setting can't be unset in Elasticsearch 2.x, see https://www.elastic.co/guide/en/elasticsearch/reference/2.4/cluster-update-settings.html for the correct documentation for your Elasticsearch version. Cheers, Jochen On Tuesday, 20 December 2016 16:53:47 UTC+1, Steve Kuntz wrote

[graylog2] Re: Graylog on ArchLinux

2016-12-20 Thread Jochen Schalanda
Hi Igor, how exactly did you install Graylog (step-by-step) and what kind of container (with which settings) are you using? Cheers, Jochen On Monday, 19 December 2016 21:52:40 UTC+1, Igor Camargo wrote: > > I try to run graylog inside a linux container with archlinux OS. install > elasticsearc

[graylog2] Re: Web interface connecting issue

2016-12-20 Thread Jochen Schalanda
Hi Ed, On Monday, 19 December 2016 21:40:44 UTC+1, Ed Berlot wrote: > > However the documentation really has very little detail explaining a > specific function. I've also tried to compare the appliance configuration > (which I have working) with the manual install, but they're vastly > differ

[graylog2] Re: Setting up buffers

2016-12-20 Thread Jochen Schalanda
Hi Steve, see https://github.com/Graylog2/graylog2-server/blob/2.1.2/misc/graylog.conf for the reference configuration file with comments explaining all settings. Cheers, Jochen On Monday, 19 December 2016 21:06:57 UTC+1, Steve Kuntz wrote: > > Hi, I can't seem to find any documentation on-line

[graylog2] Re: Web interface connecting issue

2016-12-19 Thread Jochen Schalanda
Hi Ed, there are multiple issues with your configuration. Check the documentation and your config file for the following settings: web_listen_uri, web_endpoint_uri , elasticsearch_discovery_zen_ping_u

[graylog2] Re: Can fields be clickable from search results?

2016-12-19 Thread Jochen Schalanda
Hi Brandon, On Saturday, 17 December 2016 19:38:01 UTC+1, BKeep wrote: > > Is there a way to make fields clickable in search results? > That's currently not possible, but it might be easy enough to implement by extending decorators: http://docs.graylog.org/en/2.1/pages/queries.html#decorators

[graylog2] Re: Anybody know how to debug graylog on Intellij IDEA?

2016-12-19 Thread Jochen Schalanda
Hi Michael, On Saturday, 17 December 2016 09:47:55 UTC+1, Michael Mo wrote: > > Now I need to create an edit configuration to launch/debug graylog > service, but the README doesn't say very clear(Then create a server run > configuration, but use the classpath of the module "runner".) > It's pre

[graylog2] Re: Alert Configuration - Callback per message (no grace period)

2016-12-19 Thread Jochen Schalanda
Hi Zi, On Monday, 11 May 2015 20:52:08 UTC+2, Zi Dvbelju wrote: > > Is there a way to configure the alerts so that I will receive an > individualized alert for every message that is routed to a stream? > No, that's not possible. Cheers, Jochen -- You received this message because you are su

[graylog2] Re: Set a new field name knowing just a value

2016-12-16 Thread Jochen Schalanda
Hi Brandon, On Friday, 16 December 2016 17:32:36 UTC+1, BKeep wrote: > > Never mind I'm dumb. > This works just fine. The double quotes " were the problem. > For clarification: the double quotes are only required for the regular expression functions because they return an array indexed by strings

[graylog2] Re: Graylog 2.1.2+50e449a in Docker - TimeZone and Timestamps for messages

2016-12-15 Thread Jochen Schalanda
Hi Mike, this totally sounds like a problem with the system time on/in the virtual machine you're running Docker in. Check that the system time in your VM is correct and synched with the host system. Cheers, Jochen On Thursday, 15 December 2016 19:51:23 UTC+1, Mike Norris wrote: > > Hi > > I

[graylog2] Re: GELF messages dropped

2016-12-15 Thread Jochen Schalanda
Hi Rui, this is a bug in Telegraf, see https://github.com/influxdata/telegraf/issues/2045. Cheers, Jochen On Thursday, 15 December 2016 14:56:27 UTC+1, Rui Goncalves wrote: > > Hi all, > > I'm collecting messages using the Telegraf metrics collector ( > https://github.com/influxdata/telegraf) a

[graylog2] Re: Improved retention

2016-12-15 Thread Jochen Schalanda
Hi Filippo, you can assign index sets to streams, not to inputs. If you want to store all messages of a particular input into specific indices, you'll have to create a stream for these inputs (e. g. by creating a stream rule using the gl2_source_input message field). Cheers, Jochen On Thursda

[graylog2] Re: elasticsearch_max_number_of_indices change doesn't appear to be listened to?

2016-12-15 Thread Jochen Schalanda
Hi Jason, starting with Graylog 2.0.0, these settings can be configured on the System / Indices page, see http://docs.graylog.org/en/2.1/pages/upgrade/graylog-2.0.html#index-retention-and-rotation-settings for details. Cheers, Jochen On Wednesday, 14 December 2016 21:43:51 UTC+1, Jason Haar

[graylog2] Re: syslog udp error

2016-12-15 Thread Jochen Schalanda
Hi Charana, please check the logs of your Graylog and Elasticsearch nodes: http://docs.graylog.org/en/2.1/pages/configuration/file_location.html It also wouldn't hurt if you elaborated just a little bit more on your problems instead of just pasting an error message into the message… Cheers, Jo

[graylog2] Re: Indices and edit Extractor page timing out

2016-12-14 Thread Jochen Schalanda
Hi Steve, which version of Graylog and Elasticsearch are you using? Cheers, Jochen On Wednesday, 14 December 2016 16:46:36 UTC+1, Steve Kuntz wrote: > > Hi, > > Has anyone else seen this behavior? Everything works well until I hit the > Indices page or the try to edit an extractor. After this s

[graylog2] Re: WebTrends Enhanced Log file Format (Welf) to graylog

2016-12-14 Thread Jochen Schalanda
Hi Anas, On Wednesday, 14 December 2016 16:36:35 UTC+1, Benbrahim Anass wrote: > > if i try that with a GELf input will it be resolved? > No, why would it solve your problem? Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To

[graylog2] Re: WebTrends Enhanced Log file Format (Welf) to graylog

2016-12-14 Thread Jochen Schalanda
;,"rawmsg":"<14>Dec 14 12:44:12 172.55.66.220 id=firewall > time="2016-12-14 13:01:03" fw="toto" tz=+0100 startime="2016-12-14 > 12:59:02" > pri=5 confid=01 slotlevel=2 ruleid=40 srcif="Vlan88" srcifname="Nottoday&quo

[graylog2] Re: WebTrends Enhanced Log file Format (Welf) to graylog

2016-12-14 Thread Jochen Schalanda
Hi Anas, WELF (?) is not being supported by Graylog out-of-the-box, but you could quite easily write a plugin for that format. Cheers, Jochen On Wednesday, 14 December 2016 15:08:11 UTC+1, Benbrahim Anass wrote: > > Hi everybody, > > i'm wondering if there is an input for Welf Logs or they will

Re: [graylog2] Re: How to Encrypting Syslog Traffic with TLS (SSL)

2016-12-14 Thread Jochen Schalanda
e same email again and again. But i didn't get any > answer for my question, can you please answer them. > > On Wed, Dec 14, 2016 at 12:49 AM, Jochen Schalanda wrote: > >> Hi Ranga, >> >> please refrain from posting the same email again and again: >> h

[graylog2] Re: numeric fields from pipeline

2016-12-14 Thread Jochen Schalanda
Hi Siddhartha, using the to_long() function is the correct way. Additionally, you can create a custom Elasticsearch index mapping and specify these fields as numeric, see http://docs.graylog.org/en/2.1/pages/configuration/elasticsearch.html#custom-index-mappings for details. Cheers, Jochen

Re: [graylog2] Re: Check Graylog Storage Capacity

2016-12-14 Thread Jochen Schalanda
Hi, On Tuesday, 13 December 2016 23:08:21 UTC+1, quest monger wrote: > > Does the Graylog Web console/dashboard provide any metrics related to > this. I found a lot of metrics there for JVM and network throughput, but > nothing for ES storage capacity. For example, it would be nice to know if >
