[graylog2] Specify elasticsearch node name on Graylog.

2015-11-30 Thread eleftherios Banos
Hi, I want to give a specific name to an Elasticsearch node. When I call the Elasticsearch REST API for node information, I get:
[ec2-user@ip-10-144-127-187 ~]$ curl -i -XGET '127.0.0.1:9200/_cat/nodes'
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Content-Length: 154

[graylog2] Re: Graylog 1.2 rotation strategy

2015-11-30 Thread Jochen Schalanda
Hi Roberto, whether you want to have lots of smaller indices or fewer larger indices is basically a tradeoff between different resources. The larger the indices, the longer searches will take when querying a small time range. The more indices you have, the more file handles are required and

[graylog2] Re: Graylog 1.2 rotation strategy

2015-11-30 Thread Hugues Charbonnier
> Is this configuration OK???
Uhmm.. Each time you restart Graylog, it creates a new index on Elasticsearch. So if one day you have to restart Graylog 5 times, it will create 5 new indices! So if you really want to keep at least 180 days of logs, you should tell Graylog to keep

[graylog2] Index size and quantity

2015-11-30 Thread Alejandro Cabrera Obed
Dear all, I have a question about Graylog 1.2 indexes: In case I want to store 6 months of logs, is it better to use 180 indexes and 1 index per day, or to use 18 indexes and 1 index for 10 days??? What's the recommendation about size and quantity of logs??? Thanks a lot.

[graylog2] Re: Index size and quantity

2015-11-30 Thread Jochen Schalanda
Hi Alejandro, please see https://groups.google.com/d/msg/graylog2/Z1l2uAaBL1M/fMa3kmPaBwAJ for almost the same question. Cheers, Jochen
On Monday, 30 November 2015 17:55:12 UTC+1, Alejandro Cabrera Obed wrote:
> Dear all, I have a question about Graylog 1.2 indexes:
>
> In case I want to

[graylog2] Re: Syslog events going into a black hole.

2015-11-30 Thread HockeyFan0000
Yes. There is some traffic on that input. It's collecting about 55k messages per minute. But, it should be much higher than that. It may well be missing 50-75% of what should be collected. Most of my equipment doesn't have an option to specify the syslog port, so I'm stuck with port 514.

[graylog2] Re: Change permission for user

2015-11-30 Thread Anant Sawant
Hi!! Try replacing this piece of code

[graylog2] Rewrite log with extractor

2015-11-30 Thread Scarlet Eza
Dear all, I have a log in the format: protocol-id 17,.. Now I can use an extractor to extract the string "17" for use in a field such as protocol or something like that. But I want to change the string "17" to "UDP", or when I get the string "1" I can change it to "ICMP"... Anyone have exp about this,

Re: [graylog2] Re: [Saved_searches] execute save search from any stream

2015-11-30 Thread Xavier DUMAS
Thank you for your answer
On 29 Nov 2015 23:54, "Werner van der Merwe" wrote:
> To my knowledge no, as the stream identifier would still be enforced in
> the search bar.
>
> IMHO, If one changes that behaviour, one will run into issues with people
> having more than

[graylog2] Graylog 1.2 rotation strategy

2015-11-30 Thread robertocarna36
Dear, I have a Graylog 1.2 server which receives a lot of messages per second. I need to have a rotation strategy in order to maintain 6 months of logs, and after that time the indexes will be deleted. I think I have to add these lines to the /etc/graylog/server/server.conf file: