name to something else and everything starting working again. I am
> converting this field to an integer and was doing a search on if the field
> value was greater than 0.
>
> -Bill
>
> On Friday, February 3, 2017 at 5:08:14 AM UTC-10, Steve Kuntz wrote:
>>
>> I'm havi
Unfortunately not, it's the only log message that shows when trying to do a
quick value on the field.
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
Same here but I wasn't sure it was related to the update.
There is an error in the graylog.log
WARN [SearchResource] Unable to execute search: [reduce]
Any and All help is appreciated.
On Friday, February 3, 2017 at 11:59:34 AM UTC-5, Steve Kuntz wrote:
>
> Also Field Statistics and Generate Chart work on this same data set as
> well an
As a test my search is
_exists_:http_response_code AND http_response_code:[200 TO 503]
And I'm still getting the same error.
On Friday, February 3, 2017 at 10:53:04 AM UTC-5, Jochen Schalanda wrote:
>
> Hi Steve,
>
> the "quick values" functionality only works if
Currently each index is ~10-15G and spans ~10-15 minutes; doing this would
make my indices huge and I'm guessing slower to search.
On Fri, Feb 3, 2017 at 10:51 AM, Jochen Schalanda <joc...@graylog.com>
wrote:
> Hi Steve,
>
> On Friday, 3 February 2017 16:03:04 UTC+1, St
Currently each index is ~10-15G and spans ~10-15 minutes; doing this would
make my indices huge and I'm guessing slower to search.
On Friday, February 3, 2017 at 10:51:25 AM UTC-5, Jochen Schalanda wrote:
>
> Hi Steve,
>
> On Friday, 3 February 2017 16:03:04 UTC+1, Steve Kuntz wrote:
I'm having a new issue getting quick values since I modified some fields.
This is just to get the HTTP status codes but there is some issue. All
values are being converted to numeric but I'm getting an error. I've
attached the error and the stats to show what the data is.
Thanks, I guess I'll wait until 2.2. I need 2 weeks of archive and my
settings are keeping about 2100 indices @20,000,000 messages per index,
which is about 2 weeks for me.
On Friday, February 3, 2017 at 4:14:11 AM UTC-5, Jochen Schalanda wrote:
>
> Hi Steve,
>
> the issue with t
Hi
This is still a big issue for me. Is there anything I can do? Is there any
more information I can provide to get help?
On Wednesday, December 14, 2016 at 10:46:36 AM UTC-5, Steve Kuntz wrote:
>
> Hi,
>
> Has anyone else seen this behavior? Everything works well until I hit th
Hi,
I'm trying to remove a persistent setting that I want to revert back to the
value in the configuration file but I'm getting an error
This is taken directly from the
documentation:
https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-update-settings.html
curl -XPUT
Hi, I can't seem to find any documentation online on how to set up the
following settings. Is there someone who can point me in the right direction? Is
the only way to find the correct values for my environment to scale them up
and test? If so what order should this be done in?
output_batch_size
Any thoughts?
Could I have something setup improperly?
On Wednesday, December 14, 2016 at 10:46:36 AM UTC-5, Steve Kuntz wrote:
>
> Hi,
>
> Has anyone else seen this behavior? Everything works well until I hit the
> Indices page or try to edit an extractor. After this s
Hi Jochen,
My versions are:
elasticsearch-2.4.1-1
graylog-server-2.1.2-1
On Wednesday, December 14, 2016 at 10:46:36 AM UTC-5, Steve Kuntz wrote:
>
> Hi,
>
> Has anyone else seen this behavior? Everything works well until I hit the
> Indices page or try to edit an e
Hi,
Has anyone else seen this behavior? Everything works well until I hit the
Indices page or try to edit an extractor. After this sometimes I have
to restart Graylog to get the interface to respond again. Could I have too
many Indices and/or shards? I'm currently processing about 40,000
Hi,
Quick question, does Graylog fully support connecting to Elastic Search 2.4
branch or should I stick with 2.3.5?
Thanks
Thanks Marius,
That's unfortunate. Are there no plans to have the collector-sidecar
service run a separate instance of filebeat for each output to get around the
limitations of filebeat?
On Thursday, September 22, 2016 at 11:45:09 AM UTC-4, Marius Sturm wrote:
>
> Hi Steve,
> Filebeat
Thanks for taking the time to reply Jochen. SELinux is disabled on my
server (see config below).
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints
After upgrading my functioning 2.03 environment (1 Graylog server with 2
ElasticSearch nodes all CentOS 7), Graylog won't start up properly. It
loops through startup/shutdown as shown below (full log is attached). It
seems like a problem binding linux ports below 1024, but I could be wrong.
Thank You!
Something so simple... embarrassed I didn't find it myself.
On Friday, August 26, 2016 at 6:50:54 AM UTC-4, Jochen Schalanda wrote:
>
> Hi Steve,
>
> On Wednesday, 24 August 2016 22:55:21 UTC+2, Steve Kuntz wrote:
>>
>> [NodePingThread] Did not find me
No Suggestions?
Is there any more details I can provide to help out?
On Wednesday, August 24, 2016 at 4:55:21 PM UTC-4, Steve Kuntz wrote:
>
> As well some additional logs from the nodes are
>
> [NodePingThread] Did not find meta info of this node. Re-registering. I
> have
I deleted the node from the nodes collection in MongoDB. This removed it
from the interface.
On Thursday, August 25, 2016 at 2:23:24 AM UTC-4, Jan Doberstein wrote:
>
> Hej Steve,
>
> I've been unable to find any documentation around this. How do I
> completely remove a gr
As well some additional logs from the nodes are
[NodePingThread] Did not find meta info of this node. Re-registering. I
have changed all IPs appropriately in the configuration of the 3rd node.
On Wednesday, August 24, 2016 at 4:15:02 PM UTC-4, Steve Kuntz wrote:
>
> I have 2 nodes r
I have 2 nodes running in a cluster, one master and one slave. When I look
at the nodes collection in Mongo I see the 2 nodes.
I have added a 3rd node as a slave and when this node is running I end up
with an issue where the cluster is complaining that there isn't a master
node. When I look at
Hi,
I've been unable to find any documentation around this. How do I completely
remove a graylog node from the cluster?
Switching to TCP helped.
On Monday, July 4, 2016 at 3:25:05 PM UTC-4, Steve Kuntz wrote:
>
> Hello All,
>
> I'm running the following on CentOS and am having issues with nxlog.
>
> collector-sidecar-0.0.8-1.x86_64 (Centos 6.5)
> nxlog-ce-2.9.1504-1.x86_64 (Centos 6.5)
>
For anyone who was wondering how to do this, I was able to do it with a
"Replace with regular expression" Extractor
On Friday, July 8, 2016 at 9:09:19 AM UTC-4, Steve Kuntz wrote:
>
> Hi,
>
> I have a message like below and I would like to extract the
> lat=111=222 i
Hello All,
I'm running the following on CentOS and am having issues with nxlog.
collector-sidecar-0.0.8-1.x86_64 (Centos 6.5)
nxlog-ce-2.9.1504-1.x86_64 (Centos 6.5)
graylog-server-2.0.3-1.noarch (CentOS 7.2)
When it start up it seems to work fine, then I get the error below. After
this it
Hi,
I would like to see a list of unique values of a text field and was trying
to use the Field Statistics to do so. It displays the correct information
for 1 and 2 hours but when I go to 8 hours all values show up 0. Any
suggestions? See attached.
Thanks Edmundo
On Tuesday, June 7, 2016 at 5:00:41 AM UTC-4, Edmundo Alvarez wrote:
>
> Hi Steve,
>
> That is a known issue and will be fixed in the next Graylog release:
> https://github.com/Graylog2/graylog2-server/issues/2299
>
> Regards,
> Edmundo
>
> >
Hi,
I've set up a Graylog 2.0.2 standalone server with 2 separate
Elasticsearch nodes. My logs are being processed however on the detailed
status screen for my Graylog node my buffers are showing NaN and I'm not
sure why. Any ideas would be appreciated.
Thanks
Guess I'll have to brush the dust off my python hat.
Thanks
On Monday, May 2, 2016 at 11:21:16 AM UTC-4, Jochen Schalanda wrote:
>
> Hi Steve,
>
> you could probably query those messages over the Graylog REST API (e. g.
> search for the ID) and calculate the time they too
Hi Jochen,
Thanks for clarifying. You said "out-of-the-box", would you be able to
point me in the direction of where to look to get this functionality?
On Monday, May 2, 2016 at 10:23:30 AM UTC-4, Jochen Schalanda wrote:
>
> Hi Steve,
>
> that's currently not pos
Hello,
I've been looking through the docs and searching online but have been
unable to find what I'm looking for.
I have a message that is assigned an ID. This message with its ID will go
through 5 different applications, each with its own log. What I'm looking
to do is to track this message
No idea what can be wrong? Is it perhaps the version of ElasticSearch?
Greeting
On Thursday, 24 March 2016 07:21:12 UTC+1, Steve Miller wrote:
>
> Hello
>
> The *ElasticSearch Version is 1.7.1* and this is the current script
>
> #!/bin/sh
> FDATE=`date +"%F %H:%M:%
t-Length: 523
>
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Content-Length: 203
<
* Connection #0 to host 127.0.0.1 left intact
* Closing connection #0
{"_indices":{"graylog2_3":{"_shards":{"total":4,"successful":4,
}
}
}
}
}'
/usr/bin/curl -v3 -H "Content-Type: application/json" -XDELETE
"http://127.0.0.1:9200/graylog2_*/message/_query" -d "${RANGE}"
I can run this script and have no error messages, but no messages will be
deleted.
Has anyone any idea what could be t
Content-Type: application/json" -X DELETE
"http://192.168.10.15:9200/graylog2_*/_search?pretty=true" -d "${RANGE}"
echo $RANGE
but it doesn't work, I have this error
"error" : "TypeMissingException[[_all] type[[_search]] missing: No index
has the type.]",
"
Hello
Thank you very much! I now have my query but when I try to delete
something, then I have this error.
"error" : "ClusterBlockException[blocked by: [FORBIDDEN/8/index write
(api)];]",
"status" : 403
The query with "-x get" works, but "
": { "message" : "level==7"}}}'
I want to see all records with the Log-Level 7. It doesn't work.
If it works, then I want to delete all messages that are older than 1 week ("created
at") AND level=7
and then I want to run a cron job every day.
Thank you very much
cheers
Steve
On Mon
It works, server restart and it's going.
Thank you very much
On Monday, 14 March 2016 10:00:42 UTC+1, Steve Miller wrote:
>
> Hello
>
> Is it possible to delete all messages from Graylog/Elasticsearch with
> syslog level 7? Perhaps with a cron job.
> We have many debug messa
Hello
What permissions/users does the graylog.drl need? Is this perhaps the problem
why my code doesn't work?
Cheers
Steve
On Monday, 14 March 2016 10:00:42 UTC+1, Steve Miller wrote:
>
> Hello
>
> Is it possible to delete all messages from Graylog/Elasticsearch with
> syslog l
With
m : Message( getField("level") == 7 )
it's not working, I have messages with 7
Cheers
Steve
On Monday, 14 March 2016 16:57:46 UTC+1, Jochen Schalanda wrote:
>
> Hi Steve,
>
> the level attribute has a numeric value but you're currently comparing a
> st
lterOut(true);
end
Is this ok? And what is the better way for (System.out.println)?
Cheers
Steve
On Monday, 14 March 2016 16:57:46 UTC+1, Jochen Schalanda wrote:
>
> Hi Steve,
>
> the level attribute has a numeric value but you're currently comparing a
> string value. Also b
"); // Don't do this in production.
m.setFilterOut(true);
end
Is my code wrong or must I restart Graylog when I change the
graylog.drl?
regards
Steve
On Monday, 14 March 2016 10:00:42 UTC+1, Steve Miller wrote:
>
> Hello
>
> Is it possible to delete all messages from G
Hello
Is it possible to delete all messages from Graylog/Elasticsearch with syslog
level 7? Perhaps with a cron job.
We have many debug messages in our Graylog, and so I'm looking for a way
to remove all these debug messages.
regards
Steve
"index": "graylog_400", "shard": 0, "node": "Dragon Lord",
"allow_primary": true }}]}'
On Monday, February 15, 2016 at 9:19:39 PM UTC, Steve Marks wrote:
>
> Hi All,
>
> I'm getting this error on my graylog server, it's the lat
Hi All,
I'm getting this error on my graylog server, it's the latest 1.3.3 release.
Elasticsearch cluster is red. Shards: 40 active, 0 initializing, 0
relocating, 48 unassigned
I have added a new disk and moved the data along with increasing the
journal size but I can't figure out why this
VMWare host
to see if this will make a difference. I won't be able to do this for at
least a week though. I'll report my findings afterwards.
Cheers
Steve
On Friday, 29 January 2016 16:37:29 UTC, Jochen Schalanda wrote:
>
> Hi Steve,
>
> I've only briefly skipped through the logs
et:12900/system/cluster/node
{"cluster_id":"7f6ef148-e9e9-4aae-b6b9-82fe137c05f0","node_id":"2","type":"server","transport_address":"http://vlu-glserver12.betgenius.net:12900/","last_seen":"2016-01-26T15:10:5
what keeps them from being added to the list of indices? Any
other troubleshooting steps I am overlooking?
Thanks for the help.
Steve.
On Wednesday, November 11, 2015 at 12:47:44 AM UTC-8, Alberto Frosi wrote:
>
> Hi Steve,
> I suggest to check the indexed data with:
>
> curl -XGE
ards" : 132,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0
}
Seems OK.
Any other commands I could try or logs I should look at to determine why
those two indices are not available within the Graylog Web UI?
rformance graphs for the VM look OK in vSphere; no resources appear
to be overwhelmed.
Thanks for any guidance.
Steve.
t Graylog to reflect the timestamp (Sep 13 00:00:50) and source
(srvback60) shown in this archived entry.
Is this possible? Any other words of wisdom that might point me in the
right direction?
Has anyone else done this?
Thanks,
Steve.
On Wednesday, September 30, 2015 at 1:49:26 AM UTC-7, Joc
is the
best/easiest way to do this?
I have seen some references to using "nc" but not sure of the details on
how to do so.
Any pointers are appreciated.
Thanks,
Steve.
in.
And from CLI I see the following:
steve@graylog:~$ graylog-ctl status
warning: elasticsearch: unable to open supervise/ok: access denied
warning: etcd: unable to open supervise/ok: access denied
warning: graylog-server: unable to open supervise/ok: access denied
warning: graylog-web: unable
57 matches