[graylog2] Re: graylog stops outputting messages to elasticsearch every few days

> here is a screenshot that shows what i'm talking about, process buffer > suddenly full and 0 messages outputted until i restart the graylog-server >

Re: [graylog2] Re: Syslog events going into a black hole.

I've had to answer this sort of question for our devs in the past, here's what I looked at: I'd do a packet dump (tcpdump, etc) on the interface and see if the machine is even seeing the syslog packets. If it is, you know it's something on the graylog server/host causing the packet loss. I'd

[graylog2] Re: Syslog events going into a black hole.

One correction. In my last post, I stated syslog was collecting 55k messages per minute. That is incorrect. I had collected 55k in the previous 8hrs. Now, the problem seems even worse. I've only collected 3300 messages in the past 8hrs with no changes being made and still no sign of any

[graylog2] Html Email Alert

Hi, is it possible to set up *Email Alert Callback* to send e-mail as *html*? Thanks -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[graylog2] Re: Grok Pattern not working

Hi Matthew, what exactly does "not working" mean? What kind of message are you trying to match with this grok pattern? Did you import or create all referenced grok patterns in Graylog? Additionally there might be a problem with the "timestamp" field if it doesn't match the timestamp format

[graylog2] Re: Html Email Alert

Hi Rudolf, the Email Alert callback currently only supports emails with the MIME type text/plain. Cheers, Jochen On Tuesday, 1 December 2015 09:35:58 UTC+1, Rudolf Pliva wrote: > > Hi, > > is it possible to set up *Email Alert Callback* to send e-mail as *html*? > > Thanks > > -- You

[graylog2] Re: Change permission for user

HI!! Try replacing this peace of code this.state.permissions.

[graylog2] Re: Specify elasticsearch node name on Graylog.

Hi, the Elasticsearch node name is basically just a human readable identifier of each Elasticsearch node. It has nothing to do with the cluster name (which has to be the same for every node in a given Elasticsearch cluster) or the host name of the node running the Elasticsearch process. If you

[graylog2] Updating to newer version of graylog

Dear All!! Greetings for the day. I am using Graylog 1.1.6, now with the latest 1.2.2 release of Graylog which really has some awesome features we are making our minds to go for the newer version but I have some queries as follows 1 :- I have made some changes in the source code of the

[graylog2] Grok Pattern not working

Hi Guys Maybe someone can point out where im going wrong with my Grok pattern here? (?:%{SYSLOGTIMESTAMP:timestamp}|%TIMESTAMP_ISO8601:timestamp8601})(?:%{SYSLOGHOST:logsource}) (?:%{YEAR}): (?:%{MONTHNUM}):(?:%{MONTHDAY})- (?:%{HOUR}):(?:%{MINUTE}):(?:%{SECOND}) -- You received this

[graylog2] Re: Specify elasticsearch node name on Graylog.

Hi Jochen, I appreciate your response, I am modifying the file : /opt/graylog/embedded/cookbooks/graylog/templates/default/elasticsearch.yml.erb node.name : nodename It is working properly now, the problem was that I was

[graylog2] grok and subpatterns

Hello, using graylog 1.2.2, i'm facing issues with grok sub-patterns. For example, with a message beginning with 2015-12-01 17:03:53,250, if in my extractor i have %{TIMESTAMP_ISO8601:date}, the resulting fields are : MONTHDAY 01 MONTHNUM 12 SECOND 53,250 YEAR 2015 date 2015-12-01 17:03:53,250

[graylog2] Graylog collector and timestamp

Hello, using graylog 1.2.2 and collector 0.4.1, there is a big difference between graylog timestamp and log file timestamp. A line in a logfile with a 17:11:34,887 timestamp can have a 17:11:53.328 timestamp in graylog, which is a 20 seconds difference ! I'm currently testing collector to

[graylog2] Graylog Best Practices

Hi there, I have set up a Graylog server with a number (7) of input sources. My question is, when configuring Graylog, is it better to open a number of ports on the Graylog server and have each port receive messages from a particular source or is it better to only open 1 port and receive all