[graylog2] Graylog System Sizing Problem?

Hello everyone, I have some problem in sizing graylog system to deloy. I read Graylog config file and receive some infomation : Elasticsearch_max_number_of_indices = 20 and elasticsearch_max_size_per_index = 1GB, it mean the maximum data size that graylog can recevice is : 20 x 1GB = 20GB.

[graylog2] Re: LDAP Error Graylog does not yet support multiple LDAP backend.... This is a bug, ignoring LDAP config.

Hi Jochen, Thank you for your assistance. I have successfully configure ldap authentication for Graylog2. Tom On Tuesday, March 29, 2016 at 6:45:59 AM UTC-4, Jochen Schalanda wrote: > > Hi Tom, > > that usually shouldn't happen. Please check the ldap_settings collection > in your MongoDB

[graylog2] Re: Nodes- Connection to machines

H Jochen, Awesome. That works for me. Now I am able to send logs so easily :) Seems everything is fine , but when I see the logs of graylog-web server after restart, I see something like ; 2016-03-30T02:14:25.471-04:00 - [INFO] - from play in main Application started (Prod)

[graylog2] Re: Latest problem: Can't recycle or use indices

Final resolution: I gave Graylog considerably more resources, including both memory and CPU cores. I cycled Elasticsearch and waited until it came green (looking at the curl output via the Elasticsearch API). Combined with pruning the number of indexes and forcing Graylog to recompute its

[graylog2] enforcing ssl

Hi, I installed Graylog v2.0 Beta.1. After enforcing ssl with graylog-ctl enforce-ssl and running graylog-ctl reconfigure, i get the following error: We are experiencing problems connecting to the Graylog server running on *http://x.x.x.x:12900/*. Please verify that the server is healthy and

Re: [graylog2] Re: User Time Configuration Discrepancy

Hi Jochen, The workaround also doesn't work. I've added a note as such to the bug report. Thanks. -- Regards, Roland On Tue, Mar 29, 2016 at 10:18 PM, Jochen Schalanda wrote: > Hi Roland, > > thanks for reporting this! It looks like this is a bug in the web > interface

[graylog2] Building up field statistics and showing them on a public dashboard

Hi, I am a new user of Graylog and got stuck with a very simple task of building and showing the statistics for a certain field. So far, I have achieved that the logs are getting streamed to my Graylog instance, getting indexed there and then parsed by a few extractors that fetch numeric

[graylog2] Re: syslog output plugin truncates/drops messages

Hi Martin, it looks like the maximum message length is hard-coded in that plugin: https://github.com/wizecore/graylog2-output-syslog/blob/master/src/main/java/com/wizecore/graylog2/plugin/SyslogOutput.java#L75-L79 You might have success with contacting the authors of this 3rd party plugin and

[graylog2] Re: syslog output plugin truncates/drops messages

Hi Jochen, the "official (???)" plugin from the graylog marketplace: https://marketplace.graylog.org/addons/8eb67dc0-b855-455c-a37f-0fa8ae522854 Cheers, Martin On Wednesday, March 30, 2016 at 5:16:51 PM UTC+2, Jochen Schalanda wrote: > > Hi, > > which output plugin are you using? Graylog

[graylog2] Re: Content Pack Query

Hi Anant, if the IP address changed (or an input was bound to a specific IP address when exporting the content pack), you need to adjust that setting to the new system. Cheers, Jochen On Wednesday, 30 March 2016 16:37:03 UTC+2, Anant Sawant wrote: > > Well I just went through the content

[graylog2] Re: syslog output plugin truncates/drops messages

Hi, which output plugin are you using? Graylog itself doesn't ship a syslog output. Cheers, Jochen On Wednesday, 30 March 2016 16:26:28 UTC+2, grayl...@gmx.de wrote: > > Hello, > > the rsyslog output plugin truncates messages bigger than approx. 512 bytes > (it puts a "(...)" at the end to

[graylog2] Re: Content Pack Query

Well I just went through the content pack, what I find intriguing was the following field in the content pack json "bind_address" : "172.16.0.191", do I need to change the IP address to the IP address of the machine on which I have newly setup graylog. On Wednesday, 30 March 2016 17:52:01

[graylog2] syslog output plugin truncates/drops messages

Hello, the rsyslog output plugin truncates messages bigger than approx. 512 bytes (it puts a "(...)" at the end to show that the message was truncated. Messages bigger than 8092 bytes are dropped. We would like to forward messages up to 16 k (= rsyslog standard receive buffer) untructated to

[graylog2] Re: How to use the Auto content pack loader

Hello Jochen, thanx for help. It does exactly what it should. Very important feature for automation! Greetings, Martin On Wednesday, March 30, 2016 at 3:02:28 PM UTC+2, Jochen Schalanda wrote: > > Hi, > > that feature is a bit overhyped. > > You simply download content packs (e. g. from the

[graylog2] Re: Content Pack Query

Hi Anant, did you also apply the imported content pack in your new Graylog instance? As a side note, you should upgrade to Graylog 1.3.4 which includes numerous bug-fixes over Graylog 1.1.6. Cheers, Jochen On Wednesday, 30 March 2016 14:22:01 UTC+2, Anant Sawant wrote: > > Hi all!! > > > I

Re: [graylog2] Regex match not working

Precisely. The condition is evaluated before the extractor runs, to check if it should attempt the extraction for that field or not. Edmundo > On 30 Mar 2016, at 13:03, Daniel Niasoff wrote: > > Are you saying that the regex condition works on the whole message not the >

[graylog2] How to use the Auto content pack loader

Hello, in documentation of version 1.3 the "Auto content pack loader – download and install content packs automatically" feature is announced. But there no documention, how to use it. How can the "Auto content pack loader" be use to import configuration automatically. Thanx for help in

Re: [graylog2] Regex match not working

Are you saying that the regex condition works on the whole message not the extracted field? On Wednesday, 30 March 2016 10:16:48 UTC+1, Edmundo Alvarez wrote: > > Hi Daniel, > > The regex condition you use will always try to extract the 4th split > element, if there is a number in the whole

[graylog2] Re: Nodes- Connection to machines

Hi Sikender, you cannot bind two inputs to the same network interface (in this case 0.0.0.0:12201). One of those GELF TCP inputs has to use another port (e. g. 12201 or anything above 1024). Cheers, Jochen On Wednesday, 30 March 2016 00:22:22 UTC+2, sikender...@acesred.com wrote: > > HI

Re: [graylog2] Re: script from url was blocked due to mime type mismatch

Hi Amit, the fix for this issue will be included in the next beta version of Graylog. Cheers, Jochen On Tuesday, 29 March 2016 20:43:21 UTC+2, Amit Sharma wrote: > > HI team, > > i viewed https://github.com/Graylog2/graylog2-server/issues/1982 has been > resolved by bernd, > > can please tell

[graylog2] Json Rest Service

Hello, I am new to this kind of work but now I have a question I have a rest service that will send me Log data in a json format [{"level": "800","timestamp": "2016-03-30T08:48:53.679","message":"test message"},{...}] Now I want to get these log files inside greylog I tried using "json path

[graylog2] Re: broken link in your docs

Hi Ovidiu, thanks again for reporting this! We've fixed the respective part of our documentation. If you mind more errors or unclear passages in our docs, you can simply create a GitHub issue at https://github.com/Graylog2/documentation/issues. Cheers, Jochen On Wednesday, 30 March 2016

[graylog2] Re: Link to instructions on how to manually install the latest beta?

Any help here, I am kinda lost. I even went ahead and got myself real certificates from startssl - can I use the same for the rest api and for the web interface? The web interface is now unreachable: http://edgar.ict-consult.co.za:9000/ seeing these last few lines when restarting graylog:

[graylog2] broken link in your docs

On this page: http://docs.graylog.org/en/2.0/pages/installation/manual_setup.html there is a broken link: http://docs.oracle.com/javase/8/docs/technotes/tools/solaris/keytool.html -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To