Re: [graylog2] Chunking format, some examples?

2015-09-19 Thread Kay Röpke
Hi! I would greatly recommend using GELF over TCP for this. Chunking is only necessary for larger messages when using UDP because of the packet size limitations inherent with UDP. IMHO UDP really is only useful for short messages that get sent inline of some application, where you want less

Re: [graylog2] Graylog 1.2 LDAP Integration Error.

2015-09-18 Thread Kay Röpke
> On 18 Sep 2015, at 16:05, ivan morozov wrote: > > So far i know to keep the input configurations/ grok patterns / custom > extractors, i have to use the same NODE_ID and same password_secret. > I estimate when i change it i will lose all this configurations? Do you

Re: [graylog2] Graylog 1.2 LDAP Integration Error.

2015-09-18 Thread Kay Röpke
This is because your password_secret in the server.conf is too short. We use AES to encrypt the system password and AES needs 16 characters as inputs from the secret. If it is too short, then we can’t encrypt it. If you change it, then you need to reset the passwords of all users except the

Re: [graylog2] upgrading graylog-server from 1.16 to 1.2rc4 totally broke all LDAP access

2015-09-16 Thread Kay Röpke
of the common cases, so the group traversal is only done when editing the group mapping. cheers, -k > On 10 Sep 2015, at 09:54, Kay Röpke <kroe...@gmail.com> wrote: > > Jason, > > I’ve just found this in the LDAP library we use: > https://issues.apache.org/jira/bro

Re: [graylog2] Journal reader single-threaded?

2015-09-13 Thread Kay Röpke
Hi! > On 11 Sep 2015, at 18:42, David Dunstan wrote: > > I'm looking to get some confirmation here ... > > We are running 1.1.2 with journaling on. > > We got ourselves into a situation where poor Elasticsearch latency caused our > buffers and our journal to fill up.

Re: [graylog2] graylog extractor regular expression

2015-09-13 Thread Kay Röpke
Hi! You can use standard regular expression syntax here (the Java flavor). Simply anchor the regex at the end of the string. /(\w+)$ That should do the trick, you can verify in the extractor builder. cheers, -k > On 12 Sep 2015, at 20:02, Sriranga Kulkarni wrote: > > I

Re: [graylog2] upgrading graylog-server from 1.16 to 1.2rc4 totally broke all LDAP access

2015-09-10 Thread Kay Röpke
Jason, I’ve just found this in the LDAP library we use: https://issues.apache.org/jira/browse/DIRAPI-196 According to the code change this is simply a warning that gets logged as an error, but it does not stop processing the entry. I’ve

Re: [graylog2] Accessing server.conf parameter from plugin

2015-09-10 Thread Kay Röpke
Hi! > On 10 Sep 2015, at 17:43, Sivasamy Kaliappan wrote: > > Hi, > > I need to access the value of http_proxy_uri parameter configured in > server.conf file from my plugin. I see that BaseConfiguration class has > methods to access server.conf values. > I do not see an

Re: [graylog2] Graylog Web Interface Issue

2015-09-09 Thread Kay Röpke
Hi Anant, the build assumes it can execute git to determine the current commit. Your machine doesn’t have the command in the path, so you have two options: 1) install git and add it to the PATH 2) temporarily replace the command execution in the build file. For option 2 check the

Re: [graylog2] is there a GELF over HTTPS option?

2015-09-01 Thread Kay Röpke
Hi Jason, please check out the 1.2 RC we published earlier today: https://www.graylog.org/announcing-graylog-1-2-rc/ It includes TLS support for HTTP as well as TCP keepalive. Each POST is still limited to a single GELF message, though.

Re: [graylog2] Bundling/copying all executable jars after compiling graylog

2015-08-27 Thread Kay Röpke
Hi! We use the assembly plugin to do this. Run mvn assembly:single (or mvn package) to perform the same steps our build system does. Please have a look at the travis.yml: https://github.com/Graylog2/graylog2-server/blob/master/.travis.yml

Re: [graylog2] Users and access on Global search

2015-08-25 Thread Kay Röpke
Hi! It won’t be in 1.2, even though you could in theory grant the necessary permissions to roles. The main problem is that accessing global search requires more than just the search permissions in order to successfully use the search pages. Right now this is only possible via the REST API, have a

Re: [graylog2] how about abstracting out authentication via reverse-proxy?

2015-07-23 Thread Kay Röpke
Hi! The problem with the “let graylog web pass on things” idea is that it is not the web interface that decides on authentication/authorization at all, but the server (in fact, all servers in the cluster do so). What the web interface does is to pass on the entered credentials, and the server

Re: [graylog2] Re: Graylog Message get the Index

2015-07-21 Thread Kay Röpke
Yes, that is correct, it is currently not possible to find the index name before it is written to elasticsearch. Getting the current deflector target name is the best option for now. Alternatively you could perform a search with the message id, but that has other problems like the fact that there

Re: [graylog2] CSV export failure from a stream using web ui

2015-06-30 Thread Kay Röpke
Yes, that should be the problem. We are just now in the process of building 1.1.4, that should fix the issue. Will come out later today. cheers, -k On 30 Jun 2015, at 11:51, Mathieu Grzybek mathieu.grzy...@gmail.com wrote: Hi, I have just upgraded from 1.0.1-1 (deb package) to the

Re: [graylog2] Graylog plugin - elastic field types

2015-06-23 Thread Kay Röpke
Hi Jesse! On 23 Jun 2015, at 00:11, Jesse Skrivseth voodood...@gmail.com wrote: The Message class has several field types that can be explicitly declared when adding fields to messages. It seems to support: Double Long String If I want to attach a field as a custom elastic type such

Re: [graylog2] System-Users list empty in UI after upgrade from 1.0.2.5 to 1.1.2

2015-06-18 Thread Kay Röpke
On 17 Jun 2015, at 20:26, Jesse Skrivseth voodood...@gmail.com wrote: The UI doesn't show any users in the list, though the users still exist in Mongo and can log in. Is this a known issue? No I have not seen this before. Are there any errors in the Javascript console in the browser? Could

Re: [graylog2] Anonymous Usage Statistics plugin

2015-06-15 Thread Kay Röpke
Hi! Please have a look at https://github.com/Graylog2/graylog-plugin-anonymous-usage-statistics/blob/master/README.md for the configuration options :) Best regards, Kay On 15 Jun 2015, at 11:22,

Re: [graylog2] Multi-region Graylog

2015-06-12 Thread Kay Röpke
On Fri, Jun 12, 2015, 10:12 AM Henrik Johansen hen...@myunix.dk wrote: Hello Kay, Will there be support for using Tribe nodes to cater for multi cluster scenarios at some point in the near future ? On 12 Jun 2015, at 09:41, Kay Röpke kroe...@gmail.com wrote: Hi! On 12 Jun 2015, at 04:37

Re: [graylog2] Upgrade to 1.1, total mess

2015-06-05 Thread Kay Röpke
Hi! Disappearing inputs are usually a problem if the previous node id file wasn’t copied to a new installation, and since the inputs use the node id, the new installation won’t load anything tied to a specific node. No logs collecting, well if there are no inputs… Do you have any screenshots

Re: [graylog2] Extractors with Wildcards Cause High CPU/Load Average

2015-06-05 Thread Kay Röpke
Pete, The extractors themselves do not look too bad, but whenever you use leading wildcards to extract similar data, the work that the extractors have to do is repeated, since they are executed one after the other. If there's no better way to extract that data, you might want to look

Re: [graylog2] Upgrade to 1.1, total mess

2015-06-05 Thread Kay Röpke
On 05 Jun 2015, at 12:09, Josep Maria Comas Serrano josepmariaco...@gmail.com wrote: Surprisingly, web interface is working OK now, but I don't think this issue is related to the other, maybe it was just spurious Ok good to hear. We’ve had reports of an Exception that we will fix

Re: [graylog2] Error Connecting to Elasticsearch Cluster

2015-06-03 Thread Kay Röpke
Hi Tyler! Have you double checked both the cluster.name on the master as well as the version of Elasticsearch? Graylog in the version you are running is using Elasticsearch 1.3.7. It looks like Graylog can successfully reach your master node for discovery, but then fails to join the cluster.

Re: [graylog2] Re: grok extractors not working

2015-05-29 Thread Kay Röpke
an extractor is configured and when it is in effect, at least in this environment. Another thing to note is that the data on this input is TLS encrypted GELF via TCP, and the data is coming in from NXLog using GELF_TCP. On Thursday, May 28, 2015 at 3:25:05 PM UTC-6, Kay Röpke wrote: I'm

Re: [graylog2] Re: grok extractors not working

2015-05-28 Thread Kay Röpke
Many thanks! I will have a look in the morning. In the meantime it would be helpful if you could give 1.1.0-beta.3 a shot. It ships with an updated java-grok library. You can find the link to an OVA for convenience at the end of this blog post:

Re: [graylog2] Re: grok extractors not working

2015-05-28 Thread Kay Röpke
to upgrade in-place or at least without data loss? On Thursday, May 28, 2015 at 3:18:06 PM UTC-6, Kay Röpke wrote: Many thanks! I will have a look in the morning. In the meantime it would be helpful if you could give 1.1.0-beta.3 a shot. It ships with an updated java-grok library. You can

Re: [graylog2] Grok sub-patterns cannot be discarded?

2015-05-22 Thread Kay Röpke
now? I will try and do that for the subpatterns. On Wednesday, 22 April 2015 00:39:19 UTC+2, Kay Röpke wrote: We are aware of this issue and hope to fix it in 1.1.0, however there are lots of things scheduled and it might slip to 1.2.0. It would help to know whether you need to select

Re: [graylog2] Re: Export in CSV limited to 24001 rows

2015-05-13 Thread Kay Röpke
Hey, This is a known limitation of the web interface, from the REST api you can get more results. The upcoming 1.1 release will allow exporting all messages using streaming HTTP to your browser. Cheers, Kay On May 13, 2015 2:52 PM, Petar Koraca pkor...@gmail.com wrote: Hello, I have similar

Re: [graylog2] Re: Graylog 1.0.2 blacklist

2015-04-30 Thread Kay Röpke
Hey! There is a rest api call in Graylog 1.0.x for blacklisting. It's undocumented and there's no ui support for it yet, but it works. Under the hood it is implemented as dynamic drools rules and that's why it is undocumented: under high load it can become a serious bottleneck. Before you write

Re: [graylog2] Re: udp gelf - reuse same UDP connection

2015-04-28 Thread Kay Röpke
UDP has no connection so there's no pool to fill up and no time out values. So, no, there's no library that can do this, because there's no technical way. Are you sure the sender is not using TCP? On Apr 28, 2015 10:38 PM, zaharia.stel...@gmail.com wrote: Well , yes . UDP does not have 'state'

Re: [graylog2] Re: Grok sub-patterns cannot be discarded?

2015-04-21 Thread Kay Röpke
We are aware of this issue and hope to fix it in 1.1.0, however there are lots of things scheduled and it might slip to 1.2.0. It would help to know whether you need to select specific fields or if you only want directly named fields to appear in the final extraction. On Apr 21, 2015 4:08 PM,

Re: [graylog2] problem with stream alert

2015-04-16 Thread Kay Röpke
On 16 Apr 2015, at 14:45, yveslouis.rof...@gmail.com wrote: Thanks Kay for your answer, I just thought it could be helpful to know there is something wrong. But you're right, I'm not a developer and snapshots are for development. No worries. It’s just that with 1.1.0 snapshots we are

Re: [graylog2] problem with stream alert

2015-04-16 Thread Kay Röpke
Hi! Really, if you are running 1.1.0 snapshots, _many_ things will break without a warning. Please do not rely on these now, unless you are trying to do development on Graylog :) Best, Kay On 16 Apr 2015, at 12:23, yveslouis.rof...@gmail.com wrote: Hello, No one can help me ? Thanks

Re: [graylog2] Re: graylog cycles deflector each restart after 1.0.1 update [OVA]

2015-03-24 Thread Kay Röpke
This happens when using the time based retention, not with the other ones. It is a known issue and happens with all installations, not only the OVAs On Mar 24, 2015 4:28 PM, Tristan Rhodes tristan.rho...@gmail.com wrote: I just restarted my Graylog 1.0.1-3 OVA several times (sudo graylog-ctl

Re: [graylog2] Re: Remote Logs to Graylog - Recommended Setup?

2015-03-21 Thread Kay Röpke
it as that is probably the simplest solution. Cheers, Pete On Sunday, 22 March 2015 08:46:56 UTC+10, Kay Röpke wrote: Hey Pete, What is it you need to solve exactly? If you have an unreliable link currently the best (reliable) solution is a message broker like Kafka or AMQP

Re: [graylog2] Re: Remote Logs to Graylog - Recommended Setup?

2015-03-21 Thread Kay Röpke
Hey Pete, What is it you need to solve exactly? If you have an unreliable link currently the best (reliable) solution is a message broker like Kafka or AMQP. The former is a good choice for high load but less flexibility, while AMQP is better if you need flexible routing etc.

Re: [graylog2] Are GROK-conversions implemented?

2015-03-19 Thread Kay Röpke
Not in the version we are using right now, but we plan on upgrading the java grok version to support this. Best, Kay On Mar 19, 2015 3:01 PM, Jerri Son jerrison...@gmail.com wrote: Hi there, reading this: https://github.com/Graylog2/graylog2-server/issues/377#issuecomment-43436017 I was

Re: [graylog2] Re: Elasticsearch and mongodb maintenance

2015-03-10 Thread Kay Röpke
On 10/03/15 11:41, zerozerouno...@gmail.com wrote: On Monday, 9 March 2015 16:10:36 UTC+1, Kay Röpke wrote: This sounds like you have lots of indexer failures, which lead to messages being stored in MongoDB. So MongoDB size should not be so large, usually? Usually

Re: [graylog2] Re: Elasticsearch and mongodb maintenance

2015-03-09 Thread Kay Röpke
This sounds like you have lots of indexer failures, which lead to messages being stored in MongoDB. Your best bet is REST and MongoDB queries, yes. Have a look at elasticsearch delete queries. For MongoDB look at the size of the system_messages and index_failures collections. For details please

Re: [graylog2] Rotation strategy in Graylog v1.0

2015-03-07 Thread Kay Röpke
Look for rotation, not retention. There's a rotation_strategy entry. Have a look at https://github.com/Graylog2/graylog2-server/blob/master/misc/graylog2.conf Cheers! On Mar 7, 2015 4:34 PM, Tristan Rhodes tristan.rho...@gmail.com wrote: I noticed this was missing also. It is possible that

Re: [graylog2] Error while trying to work on MasterCache org.graylog2.caches.DiskJournalCache.Input

2015-02-13 Thread Kay Röpke
Hi! We have completely revamped the journal in 1.0 to avoid this kind of problem. Please have a look at the recent release candidate (rc.3 is the latest released) to see if that solves your problems. If you do so, please also review your config settings, as some important defaults have changed.

Re: [graylog2] Need more info regarding confg options | Graylog2-server

2015-02-04 Thread Kay Röpke
Hi! Graylog uses elasticsearch in client mode by default. Enabling those options would make it possible to run graylog without an external elasticsearch cluster, but instead to use the in process one. For scalability reasons this is not recommended because elasticsearch and graylog have very

Re: [graylog2] Input source override

2015-01-31 Thread Kay Röpke
Ok, code is different with 1.0, so if it is working there it should be OK. 0.92 won't see any more updates, unless there are serious security problems. Thanks, Kay On Jan 31, 2015 11:18 PM, Rob Erix rob3...@gmail.com wrote: Hi. Syslog UDP input. Graylog version was 0.92.4 I just tested

Re: [graylog2] graylog2-server receiveBufferSize

2015-01-28 Thread Kay Röpke
limitation. I haven't tweaked TCP since we use TCP only for Keepalived HTTP checks, and UDP for logs (GELF input). Both TCP and UDP socket are on same port (12001). Could this cause issue with receiveBufferSize on graylog2-server? Thanks On Tuesday, January 27, 2015 at 6:31:50 PM UTC+1, Kay

Re: [graylog2] graylog2-server receiveBufferSize

2015-01-27 Thread Kay Röpke
Could this be an additional user account level? As long as Netty tries to set the correct value and then complains this sounds like a system limit. On Jan 27, 2015 6:27 PM, Petar Koraca pkor...@gmail.com wrote: Hello, I have some performance issues with graylog2-server 0.92.4 (cannot process

[graylog2] [ANNOUNCE] Graylog v1.0.0-beta.3 has been released

2015-01-21 Thread Kay Röpke
Hello folks! We are happy to announce that we just released the third beta version of Graylog v1.0. The project is about to reach the 1.0-final milestone after five years of development. Please see https://www.graylog2.org/news/post/0018-graylog-v1-0-0-beta3 for details and a download link.

Re: [graylog2] Re: How to determine GB/Day for Inputs?

2015-01-14 Thread Kay Röpke
, Kay Röpke wrote: Hey! The total number of bytes is tracked per input. You could simply sample it today and tomorrow and subtract them. That should give you an idea. You can get to the metrics via the action menu next to the input on the node page. The metric you are looking for is the one

Re: [graylog2] Re: How to determine GB/Day for Inputs?

2015-01-09 Thread Kay Röpke
Hey! The total number of bytes is tracked per input. You could simply sample it today and tomorrow and subtract them. That should give you an idea. You can get to the metrics via the action menu next to the input on the node page. The metric you are looking for is the one ending with

Re: [graylog2] LDAP\AD - having issues

2014-12-20 Thread Kay Röpke
Your search pattern does not contain the placeholder for the username, it only lists all users. Please have a look at the help text in the LDAP form to determine the correct syntax for the pattern. Best, Kay On Dec 20, 2014 5:42 PM, Mike Daoust turbozm...@gmail.com wrote: I am having issues

Re: [graylog2] Exception in thread main java.lang.ClassFormatError: org.graylog2.setup.Main (unrecognized class file version)

2014-12-17 Thread Kay Röpke
It is using the gcj java implementation which is a) java 1.5 and b) unsupported. Please use openjdk or oracle java 1.7 for graylog2, prior versions are not supported. 1.8 should work as well. Best, Kay On Dec 17, 2014 9:09 PM, Tom Kinsella t.r.kinse...@gmail.com wrote: When running ./graylog2

Re: [graylog2] Drools with accumulate and window:time. Anyone?

2014-12-09 Thread Kay Röpke
Hi! The embedded drools is not enabled to do streaming operations. Mostly because it uses really insane amounts of memory and probably will be out of memory soon. Best, Kay On Dec 9, 2014 1:28 PM, Dmitri Stoljarov dmitri.stolja...@gmail.com wrote: Hi, Does anyone build some advanced drools,

Re: [graylog2] Drools with accumulate and window:time. Anyone?

2014-12-09 Thread Kay Röpke
it with something else, but that's just my personal opinion. cheers, -k On Tuesday, December 9, 2014 2:56:32 PM UTC+1, Dmitri Stoljarov wrote: Hi, Any plans to have something similar in future releases of Graylog2? On Tuesday, December 9, 2014 2:33:12 PM UTC+2, Kay Röpke wrote: Hi

[graylog2] Re: Get full field content from Streams

2014-11-18 Thread Kay Röpke
Hi! Currently we do not store the messages which triggered an alert, but only put them into the email/alert callbacks when those are sent. Would it be better for you if you implemented a Nagios alarm callback instead of polling the API? Best, Kay On Tuesday, November 18, 2014 9:37:55 AM

Re: [graylog2] Re: Get full field content from Streams

2014-11-18 Thread Kay Röpke
I agree. Could you file a bug report for that at github in the web-interface project, please? Thanks, Kay On Tuesday, November 18, 2014 3:08:04 PM UTC+1, Doruk Fişek wrote: Hi, Tue, 18 Nov 2014 03:08:43 -0800 (PST), Kay Röpke kro...@gmail.com: Currently we do not store

Re: [graylog2] Re: Message retention time

2014-11-06 Thread Kay Röpke
: Thanks. I will check that on the test env. cheers felix On Monday, 3 November 2014 13:26:51 UTC+1, Kay Röpke wrote: The upcoming 0.92.0 beta 1 has a time based retention feature. See the new options in the config file. Best, Kay On Mon, Nov 3, 2014 at 1:18 PM, felix kutsc

Re: [graylog2] extractor impact on performance

2014-09-24 Thread Kay Röpke
Hi! Yes it does, but not on the input as such but on the later stages of processing the messages. Usually the overhead is very small though. If you have a case where it is not, please file a bug report so we can take a look at it (or post it here) Best, Kay On Sep 24, 2014 7:58 PM, Jamie

[graylog2] Re: Elasticsearch GrayLog2

2014-08-19 Thread Kay Röpke
Hi! To use servicewrapper with 0.90, you need to use the 0.90 branch, not master. I guess classnames have changed between the releases. It also says it in its readme ;) Important: If you want to use service wrapper with elasticsearch 0.90 (and below), you need to switch to the 0.90 branch of

[graylog2] Re: graylog2 0.20.0 issue with automatic indexing of key=value

2014-08-06 Thread Kay Röpke
Hi! You need to set up an extractor for that input, possibly just a copy input extractor. At the bottom of the extractor configuration page there is a drop down called converters. There's a Split key value pairs option. Choose that, and it should do what you need. :) Best, Kay On Tuesday,

[graylog2] Re: Severity Mapping

2014-08-01 Thread Kay Röpke
Hi! Currently there's no really good way of doing this, I'm afraid. One possibility would be to use drools rules, but in the current version it is a little bit awkward working with them because of the need to restart the server each time the rules change. However, I think this is a generally

Re: [graylog2] Re: Design question concerning Inputs

2014-07-30 Thread Kay Röpke
Hi! Generally speaking: If your log senders need special treatment (i.e. if you need to set up different extractors), then use different inputs. If you send gelf directly, you are generally ok with one input. Syslog-like inputs often need special extractors, so in those cases you have special

[graylog2] Re: Mathematical operation in graylog2

2014-07-15 Thread Kay Röpke
Hi! This works a little different than for example in splunk. When you perform a search, and want to see some aggregate for a number field, choose the little gear icon next to the field name on the right hand side. For number fields, you can get statistics, such as average etc. When you graph a

[graylog2] Re: Index cycling fails at index 13

2014-07-15 Thread Kay Röpke
Hopefully not! Is it maybe running out of disk space or heap memory? It sounds suspiciously like that! Please check your elasticsearch logs for any errors. Best, Kay On Friday, July 11, 2014 6:37:55 PM UTC+2, John Martin wrote: Hello, I keep running into a problem where Graylog will cycle

Re: [graylog2] extractor + logstash usage

2014-07-15 Thread Kay Röpke
Hi! Graylog2 does not have the ability to read files directly yet, so if you need that you have several options. The most common one is to use logstash for that purpose (I know that some people simply mount the logs remotely via the network and only run logstash on one server). Another option

Re: [graylog2] Can Graylog 2 show top 10 ip address

2014-07-11 Thread Kay Röpke
You can achieve this with a search over the timeframe you are interested in. Then select the gear icon next to the field you want (it's in the side bar). Choose the quick values button. The popup shows you the top 50 (which is currently not configurable) values. Unfortunately this is not possible

Re: [graylog2] Parsing messages to send specific alerts

2014-07-11 Thread Kay Röpke
Indeed! I did not notice this when first reading your mail: Message ID is not the content of the field id in your example. Rather, it is the unique uuid graylog2 assigns to each message. The load message button needs that uuid. Do a search for a message you are interested in. Then click on the

[graylog2] Re: [ANNOUNCE] Graylog2 v0.20.4 has been released

2014-07-04 Thread Kay Röpke
, Kay Röpke wrote: Hey everybody, a new bug fix release, Graylog2 v0.20.4, has been released. This release includes a fix for an XSS vulnerability when using message highlighting, thus we recommend upgrading to 0.20.4 as soon as possible. Message highlighting is disabled by default

[graylog2] [ANNOUNCE] Graylog2 v0.20.5 has been released

2014-07-04 Thread Kay Röpke
Hey everybody, a new bug fix release, Graylog2 v0.20.5, has been released. This release, right on the heels of v0.20.4, fixes the highlighting bug introduced by it. If you were planning on updating to 0.20.4, please skip it and move directly to 0.20.5. The graylog2-server and graylog2-radio

[graylog2] Re: Radio server reconnect

2014-07-03 Thread Kay Röpke
Hi! We have just released a new version of Graylog2, 0.20.4, which addresses some issues with the Kafka radio input. I believe it should also fix your problem. Writing the release mail right now. Best, Kay On Wednesday, July 2, 2014 4:00:09 PM UTC+2, André Coelho wrote: Hi everyone I have the

[graylog2] Re: Bulk allow a LDAP OU for a stream

2014-06-23 Thread Kay Röpke
Not yet unfortunately. Graylog2 does not yet have mapping of LDAP OU to roles, primarily because the role editing part isn't done yet. We are looking to support this in an upcoming version, though. However, it would be possible to script this using the REST API, if that is an option for you.

Re: [graylog2] Re: Graylog performing badly

2014-06-16 Thread Kay Röpke
version of graylog, but last time I did that, I lost all the message history. Adding another elasticsearch node gets in to how come I need more compute power to handle logged messages than to run my actual application On Tuesday, June 10, 2014 9:11:20 AM UTC-7, Kay Röpke wrote: The question

Re: [graylog2] Re: [ANNOUNCE] Graylog2 v0.20.3 has been released

2014-06-14 Thread Kay Röpke
:) Sorry, did not mean to hide anything, most of the things were minor issues. Here are the links to the milestones: https://github.com/Graylog2/graylog2-server/issues?milestone=23&state=closed https://github.com/Graylog2/graylog2-web-interface/issues?milestone=25&state=closed We will include

[graylog2] [ANNOUNCE] Graylog2 v0.20.3 has been released

2014-06-12 Thread Kay Röpke
Hey everybody, a new bug fix release, Graylog2 v0.20.3, has arrived. This release fixes a number of bugs, most notably two things that have affected a larger number of users: * Autodetection of the server's and radio's transport uri was broken, when localhost was used. Graylog2 now takes

[graylog2] Re: [ANNOUNCE] Graylog2 v0.20.3 has been released

2014-06-12 Thread Kay Röpke
Here are the links :) https://github.com/Graylog2/graylog2-server/releases/tag/0.20.3 https://github.com/Graylog2/graylog2-web-interface/releases/tag/0.20.3 On Thursday, June 12, 2014 6:06:29 PM UTC+2, Kay Röpke wrote: Hey everybody, a new bug fix release, Graylog2 v0.20.3, has arrived

Re: [graylog2] Graylog2Radio going into full GC death

2014-06-11 Thread Kay Röpke
events/sec each giving a total of 5k/sec, and Gelf entries are coming in at 6-8k/sec. I had no problems when using the Kafka input w/0.20.1. 2014-06-10 17:41 GMT+02:00 Kay Röpke kroe...@gmail.com: My local test was sending ~4k to 8k/sec GELF/UDP messages (all via loopback), without processing

Re: [graylog2] More cpu load after update from 0.20.1 to 0.20.2

2014-06-11 Thread Kay Röpke
Hi! The exception means that some indices were set to read only, but an attempt was made to write to them, at least metadata. This could possibly happen for recalculating index ranges, I'll open a ticket for investigation. As to the rise in CPU usage, I'm not aware that there's anything in

Re: [graylog2] Re: Authenticate using SSL_CLIENT_S_DN_CN / REMOTE_USER or generate a cookie manually

2014-06-11 Thread Kay Röpke
was finally able to do this. Thanks a lot :) I think I'll make up the code and release it later~ On Tuesday, June 10, 2014 4:57:33 PM UTC+3, Kay Röpke wrote: Hi! I believe this is the Play framework signing the entire cookie. The relevant code looks like: /** * Signs the given String

Re: [graylog2] ERROR: org.graylog2.indexer.Indexer - Failed to index [34] messages.

2014-06-11 Thread Kay Röpke
These are usually fields that used to contain a number but now are a string. Thus incompatible. Without looking at the index and the messages no one can tell what the problem is :( On Jun 11, 2014 6:46 PM, Florent B flor...@coppint.com wrote: Any idea for these errors ? :-) On 06/10/2014 06:32

Re: [graylog2] Re: Authenticate using SSL_CLIENT_S_DN_CN / REMOTE_USER or generate a cookie manually

2014-06-10 Thread Kay Röpke
Hi! I believe this is the Play framework signing the entire cookie. The relevant code looks like: /** * Signs the given String with HMAC-SHA1 using the application’s secret key. * * By default this uses the platform default JSSE provider. This can be overridden by defining *

Re: [graylog2] Oops, an error occured

2014-06-10 Thread Kay Röpke
Hi! This usually indicates an overloaded system, or jumping system clocks. The exception logged is from the web interface, and in almost all cases this is a timeout. Could you please start the server in debug mode to see if you can make out what is going on? Is your elasticsearch cluster sized

Re: [graylog2] ERROR: org.graylog2.indexer.Indexer - Failed to index [34] messages.

2014-06-10 Thread Kay Röpke
Those messages usually contain data that is incompatible with data types sent before for the same fields. In 0.20.2 the indexer failures collection should have the appropriate index so the timeout should not happen anymore. Please also try this again with the server in debug mode to get more

Re: [graylog2] Web Interface only seeing 1 node

2014-06-10 Thread Kay Röpke
Hi Tyler! Not sure I understand correctly, it being late here and all, but graylog2 nodes and mongodb replica sets are orthogonal concerns. Basically all graylog2-server nodes connect to the same mongodb instances, including the replica sets. Then at least one of the graylog2 server nodes needs to

Re: [graylog2] Log to graylog-server from JavaScript Frontend

2014-06-10 Thread Kay Röpke
Hi! The cors config applies to the REST api only in the current versions, but not to the HTTP input. There's an open feature request for it, though: https://github.com/Graylog2/graylog2-server/issues/556 We will support this in the next major release, as the changes are a little bit too involved

Re: [graylog2] Trouble with stream regex rule

2014-06-10 Thread Kay Röpke
I believe you will need to escape the / character. Could you provide the exact content of the message, please? Then I can try to reproduce :) Best, Kay On Fri, Jun 6, 2014 at 11:06 AM, Jean-Luc Bassereau jlbasser...@gmail.com wrote: Hello, I'm having troubles to set a working regex to match

Re: [graylog2] Graylog2 Radio Input (AMQP) missing using GUI version 0.20.2

2014-06-10 Thread Kay Röpke
There should be an entry Graylog2 Radio Input (AMQP) in the list. If not, please check that you are actually running against a 0.20.2 server. The input list is supplied by the server, not by the web interface. I just did this on 0.20.2 this afternoon, so I'm sure it is present. If not, I'm happy

Re: [graylog2] Re: Failure after updating graylog from 0.20.1 to 020.2 thru RPM

2014-06-04 Thread Kay Röpke
Yes, the transport uri should be the external address of the interface. A bug fix changed the autodetection a little, which we will improve in 0.20.3 soon. You can also force java to use ipv4 instead of ipv6:

Re: [graylog2] Re: graylog2 0.20.2 upgrade - all searches fail with 500

2014-05-28 Thread Kay Röpke
OK, good to know. I would eventually like to create tests for these scenarios, so we can automatically suggest fixes for them, like we do for several others. Still not sure how a timestamp can become a string when writing mappings, but this seems a common theme when elasticsearch runs out of

Re: [graylog2] Graylog2 not rotating ES indices

2014-05-28 Thread Kay Röpke
Hi! graylog2_recent sounds like you upgraded from an older version. Those indices might not get collected correctly. Please try to use the recalculate index ranges from the action menu on the system/indices page in the web interface. After that the server should perform retention properly. If

Re: [graylog2] Graylog2 not rotating ES indices

2014-05-28 Thread Kay Röpke
PM UTC-6, Kay Röpke wrote: Hi! graylog2_recent sounds like you upgraded from an older version. Those indices might not get collected correctly. Please try to use the recalculate index ranges from the action menu on the system/indices page in the web interface. After that the server should

Re: [graylog2] Several graylog2 instances on one Elasticsearch.

2014-05-27 Thread Kay Röpke
Hi! There's a setting for the graylog2 index prefix. Can you try to set that differently and see if it solves your issue? Cheers, Kay On May 27, 2014 10:35 AM, Dmitri Stoljarov dmitri.stolja...@gmail.com wrote: Hi, I'm trying to setup two graylog2 instances (v 0.20.2) on one Elasticsearch. I

Re: [graylog2] Several graylog2 instances on one Elasticsearch.

2014-05-27 Thread Kay Röpke
I just remembered this: https://github.com/Graylog2/graylog2-server/issues/489 Apparently that is a bug. I'll see if we can get that fix into the next maintenance release quickly. Best, Kay On Tue, May 27, 2014 at 11:04 AM, Kay Röpke kroe...@gmail.com wrote: Hi! There's a setting

Re: [graylog2] Re: Regular user cannot open dashboard

2014-05-26 Thread Kay Röpke
) scala.concurrent.forkjoin.ForkJoinPool#runWorker (ForkJoinPool.java:1979) scala.concurrent.forkjoin.ForkJoinWorkerThread#run (ForkJoinWorkerThread.java:107) On Friday, 23 May 2014 13:11:44 UTC+2, user Kay Röpke wrote: I'm sorry, I just tried this again with the last development version (unchanged

Re: [graylog2] Re: Regular user cannot open dashboard

2014-05-26 Thread Kay Röpke
I just realized that maybe the problem with the dashboard is configured with a search result that the user would not be allowed to see. Read-only users can only search in streams, but not over all results, currently. On Mon, May 26, 2014 at 1:59 PM, Kay Röpke kroe...@gmail.com wrote: But both

Re: [graylog2] Re: Regular user cannot open dashboard

2014-05-26 Thread Kay Röpke
Monday, 26 May 2014 14:01:08 UTC+2, user Kay Röpke wrote: I just realized that maybe the problem with the dashboard is configured with a search result that the user would not be allowed to see. Read-only users can only search in streams, but not over all results, currently. On Mon

[graylog2] Re: Regular user cannot open dashboard

2014-05-23 Thread Kay Röpke
I'm sorry, I just tried this again with the last development version (unchanged to 0.20.2-rc1 in this respect) and it works as expected. Could you please remove the permissions for that user, add them back (save in between, of course) and try again? Maybe something related to how the

Re: [graylog2] Re: Dashboard pages leak lots of RAM and crash browsers

2014-05-21 Thread Kay Röpke
Many thanks! As soon as I have fixed the stupid sbt build again, I'll have a look! On May 21, 2014 3:53 PM, Brantley Hobbs brantley.ho...@gmail.com wrote: Thank you Andreas! I have left a comment on your issue. I have Chrome javascript heap snapshots spaced about 10 minutes apart if any

Re: [graylog2] Graylog2 v0.20.1 no longer extracting fields

2014-05-20 Thread Kay Röpke
Hi! I'm adding this to a bug report so we can improve the parsing of the messages. See https://github.com/Graylog2/graylog2-server/issues/549 I suspect that the way we use the syslog library changed in a subtle way. For now the only viable way is to use extractors, I'm afraid. Thank you for

Re: [graylog2] Issues with Streams and Dashboard (Graylog v0.20.1)

2014-05-20 Thread Kay Röpke
Hi! Could you try the latest RC version for 0.20.2? It should have the fix for the message loading issue. I suspect that your stream definition does not properly match the messages, which can be hard to spot when you don't have the example message to work with. That warning is harmless, and the

Re: [graylog2] 2 different index in a single graylog server

2014-05-20 Thread Kay Röpke
Currently graylog2 does not support different retention times for different message types, which I believe is what you want to do. We will implement something like this in the future, but have not scheduled it for a specific version. Best, Kay On Wed, May 7, 2014 at 9:01 PM, Ankit Mittal

Re: [graylog2] Change type of FileSize property

2014-05-20 Thread Kay Röpke
Hi! By change it, you mean in elasticsearch? For those indices where the mapping is set to 'long' everything should be fine. However, to avoid these problems in the future, it's important to figure out why it was treated as a string. Where does that value come from? Graylog2 itself should not

Re: [graylog2] Re: graylog2 v0.20.1: UnavailableShardsException

2014-05-20 Thread Kay Röpke
Hi! This sounds like your elasticsearch cluster isn't capable of processing enough messages per second, and times out. Unassigned shards can happen after a node crashed due to not having enough memory. Please check the log files of elasticsearch to figure out what happened. My bet is on not
