[graylog2] Having some difficulties with 3 node graylog cluster

2016-06-23 Thread Yiannis
Hi all, I've installed and configured a 3 node graylog (2.0.3) "cluster". On 3 R610 (16 cores total) servers with 72GB of RAM (Every nodes has installed mongo, elastic and graylog) Using nginx as a udp load balancer and haproxy as a tcp balance for web interface in front of them (2 more hosts)

Re: [graylog2] Re: RPM update from 2.0.2 to 2.0.3 breaks Graylog

2016-06-23 Thread Shon Nixon
Done - Two tickets created. On Thursday, June 23, 2016 at 2:26:47 PM UTC-4, Jan Doberstein wrote: > > Hej Shon, > > all what you describe looks like a bug, can you please open a ticket > https://github.com/Graylog2/graylog2-server/issues that the issue can > be fixed. > > thank you > Jan >

Re: [graylog2] Additional DateTime column sourced as epoch time

2016-06-23 Thread Jan Doberstein
On 23. Juni 2016 at 19:48:30, craig.hanc...@uptake.com (craig.hanc...@uptake.com) wrote: > I am trying to get graylog to interrupt a field I am sending over a field > that I would like to interpret as a timestamp however the issue that I am > having is that it is coming across as UNIX epoch > > 1)

Re: [graylog2] Re: RPM update from 2.0.2 to 2.0.3 breaks Graylog

2016-06-23 Thread Jan Doberstein
Hej Shon, all what you describe looks like a bug, can you please open a ticket https://github.com/Graylog2/graylog2-server/issues that the issue can be fixed. thank you Jan On 23. Juni 2016 at 19:11:37, Shon Nixon (shon.ni...@gmail.com) wrote: > Decided to run nxlog solo with the correct

Re: [graylog2] Exception in thread "elasticsearch[graylog2-server][generic][T#1]"

2016-06-23 Thread Jan Doberstein
Hej Anant, On 23. Juni 2016 at 16:34:21, Anant Sawant (sawantanan...@gmail.com) wrote: > This is the first time this issue has occurred. Could you please tell me > how can I check and increase heap size for graylog server, I searched but > got nothing for graylog server about how to increase the

[graylog2] Additional DateTime column sourced as epoch time

2016-06-23 Thread craig . hancock
I am trying to get graylog to interrupt a field I am sending over a field that I would like to interpret as a timestamp however the issue that I am having is that it is coming across as UNIX epoch 1) Is there an operation I can do on the graylog to convert this as a datetimestamp 2) Once

[graylog2] Re: RPM update from 2.0.2 to 2.0.3 breaks Graylog

2016-06-23 Thread Shon Nixon
Decided to run nxlog solo with the correct information and still get the same problem: 2016-06-23T12:58:18.248-04:00 ERROR [GelfCodec] Could not parse JSON, first 400 characters: `�)�V���C�

Re: [graylog2] Re: server not running even though graylog-ctl says it is

2016-06-23 Thread 123Dev
Thanks Done On Thursday, June 23, 2016 at 11:17:24 AM UTC-4, Marius Sturm wrote: > > Thanks for investigating in this, please open a new issue here: > https://github.com/Graylog2/omnibus-graylog2 > This is not a server issue per se. > >

Re: [graylog2] Re: server not running even though graylog-ctl says it is

2016-06-23 Thread Marius Sturm
Thanks for investigating in this, please open a new issue here: https://github.com/Graylog2/omnibus-graylog2 This is not a server issue per se. Thanks, Marius On 23 June 2016 at 16:06, 123Dev wrote: > Found the offending code. > > /opt/graylog/service/graylog-server/run

[graylog2] Re: RPM update from 2.0.2 to 2.0.3 breaks Graylog

2016-06-23 Thread Shon Nixon
All my NXlog files look like: define ROOT C:\Program Files (x86)\nxlog Module xm_gelf define ROOT C:\Program Files (x86)\nxlog Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log Module xm_gelf

[graylog2] Re: RPM update from 2.0.2 to 2.0.3 breaks Graylog

2016-06-23 Thread Shon Nixon
It would appear that Graylog is adding additional lines in the NXlog file. My snippet is: define ROOT C:\Program Files (x86)\nxlog Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log Module xm_gelf Module

Re: [graylog2] Exception in thread "elasticsearch[graylog2-server][generic][T#1]"

2016-06-23 Thread Anant Sawant
Hi Jan! Thanks for the reply. This is the first time this issue has occurred. Could you please tell me how can I check and increase heap size for graylog server, I searched but got nothing for graylog server about how to increase the heap size. On Thursday, 23 June 2016 15:10:41 UTC+5:30, Jan

[graylog2] Re: RPM update from 2.0.2 to 2.0.3 breaks Graylog

2016-06-23 Thread Shon Nixon
Thanks Marius, No, all I did was perform the upgrade of Graylog, nothing more. I always check log files to make sure the new upgrade took and that's when this started happening--immediately. Nxlog config is pretty vanilla and on all servers that report to this stack: define ROOT C:\Program

Re: [graylog2] NXlog and Graylog Collector Sidecar on SUSE Linux Server

2016-06-23 Thread Darin Perusich
A bunch of openSUSE/SUSE collaborators and I are working on providing rpm packages for various logging utilities via the openSUSE Build Service, project link below. NXlog is currently not building on SLE_11 and I haven't had the opportunity to dig into it, and it wasn't a priority since I'm

[graylog2] Re: server not running even though graylog-ctl says it is

2016-06-23 Thread 123Dev
Found the offending code. /opt/graylog/service/graylog-server/run Hardcoded mongodb to be localhost, even though graylog.conf has it set to the primary mongodb. #!/bin/sh exec 2>&1 umask 077 if [ -f "/opt/graylog/embedded/share/graylog/installation-source.sh" ]; then .

[graylog2] Re: Alerts not getting triggered Graylog v2.0.1

2016-06-23 Thread Justin Hildreth
Ah, bummer that it came to that. I suppose that works though. :) Thanks for the update! On Thursday, June 23, 2016 at 9:15:24 AM UTC-4, Rakesh R wrote: > > I could not find any solution for this. So I have created a job that > restarts graylog server every one hour > > On Monday, May 30, 2016

[graylog2] Re: Alerts not getting triggered Graylog v2.0.1

2016-06-23 Thread Rakesh R
I could not find any solution for this. So I have created a job that restarts graylog server every one hour On Monday, May 30, 2016 at 2:12:44 PM UTC+5:30, Rakesh R wrote: > > Hi, > > Graylog is setup properly and there seems to be some issue with the > alerts being triggered. Test mails are

Re: [graylog2] what is the best way of creating fields in graylog?

2016-06-23 Thread Jason Haar
On Thu, Jun 23, 2016 at 6:00 AM, Jan Doberstein wrote: > Pipeline is stored in the MongoDB and shared with all Servers. > As this (pipelines) is the future and extractors will become part of > the pipeline you should look into them. > OK, so to restore existing pipeline

Re: [graylog2] converters in grok pattern

2016-06-23 Thread Андрей Грошев
On Thursday, 23 June 2016 at 12:43:21 UTC+3, user Jan Doberstein wrote: > > Hej, > > > > On 23. Juni 2016 at 09:22:40, Андрей Грошев (gree...@gmail.com > ) wrote: > > > And for example request http_code:<204 don't worked. > > I found example define pattern as %{INT:http_code;int} (a

[graylog2] Re: RPM update from 2.0.2 to 2.0.3 breaks Graylog

2016-06-23 Thread Marius Sturm
Hi, looks like you're receiving some binary data on a plain text Gelf input. Did you switch to TLS encryption or something like that after the update? Could you please post the generated configuration of NXlog? Cheers, Marius On Wednesday, 22 June 2016 16:27:41 UTC+2, Shon Nixon wrote: > > Built

Re: [graylog2] converters in grok pattern

2016-06-23 Thread Jan Doberstein
Hej, On 23. Juni 2016 at 09:22:40, Андрей Грошев (greenx...@gmail.com) wrote: > And for example request http_code:<204 don't worked. > I found example define pattern as %{INT:http_code;int} (a semicolon, not a > colon as in elastic) > And it worked, index mapped in elastic as: > > "http_code":

Re: [graylog2] Exception in thread "elasticsearch[graylog2-server][generic][T#1]"

2016-06-23 Thread Jan Doberstein
Hej Anant, On 23. Juni 2016 at 09:40:05, Anant Sawant (sawantanan...@gmail.com) wrote: > Graylog server is throwing following error. Exception in thread > Exception: java.lang.OutOfMemoryError thrown from the > UncaughtExceptionHandler in thread >

Re: [graylog2] NXlog and Graylog Collector Sidecar on SUSE Linux Server

2016-06-23 Thread Jan Doberstein
Hi, On 23. Juni 2016 at 11:16:16, sailing-lin (saito...@gmail.com) wrote: > I try to install NXlog and Graylog Collector Sidecar on my SUSE Linux > Server Enterprise 11. But there is no rpm package for SUSE, does anyone > know how to use these two package on SUSE? just install the present rpms

[graylog2] NXlog and Graylog Collector Sidecar on SUSE Linux Server

2016-06-23 Thread sailing-lin
I try to install NXlog and Graylog Collector Sidecar on my SUSE Linux Server Enterprise 11. But there is no rpm package for SUSE, does anyone know how to use these two package on SUSE? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To

[graylog2] converters in grok pattern

2016-06-23 Thread Андрей Грошев
Hello people! Again stupid question:) I try processed syslog message through grok pattern. I get all the required fields. But all them have string type. And for example request http_code:<204 don't worked. I found example define pattern as %{INT:http_code;int} (a semicolon, not a colon as in