[graylog2] Sidecar: When would you need more than one tag in a configuration?

2016-07-15 Thread Werner van der Merwe
Hi, this confuses me a bit. I understand a host can have multiple tags to combine multiple configurations, for example an apache server can have tags linux and apache. As I understand it, for this, two configurations will be created, one with a tag called linux and one with a tag called

[graylog2] Graylog Sidecar reports "unable to map property tags"

2016-07-15 Thread Jeremy Farr
So I'm using nxlog and I've installed the graylog sidecar. I'm manually starting it with my configuration file so I can monitor it. Just after reporting that nxlog is starting it gives a 400 error related to the property tags. I've attached the screen shot. I've changed the tag and ensured

[graylog2] Re: Unble to get graylog webinterface

2016-07-15 Thread Jochen Schalanda
Hi Anant, please describe first in detail what's not working for you. Cheers, Jochen On Friday, 15 July 2016 15:20:24 UTC+2, Anant Sawant wrote: > > Hi, > > Thanks for such a quick reply!! > > I am already running the web interface on http://127.0.0.1:9000 >

[graylog2] Re: Trouble Receiving Syslog Messages

2016-07-15 Thread Jochen Schalanda
Hi Nathan, you might want to scroll down in that input selection field. You can also start typing the name of the input in that field. Cheers, Jochen On Friday, 15 July 2016 16:47:04 UTC+2, Nathan Mace wrote: > > Hmmm..I think this is where I'm getting confused. My System->Input > page

[graylog2] Re: Trouble Receiving Syslog Messages

2016-07-15 Thread Nathan Mace
Hmmm..I think this is where I'm getting confused. My System->Input page only has the following to choose from in the new input type: GELF AMQP, GELF HTTP, GELF TCP, GELF UDP, GELF KAFKA, JSON. No plain text option. What could cause that? Thanks! Nathan On Friday, July 15, 2016 at 4:28:44 AM

[graylog2] Re: Unble to get graylog webinterface

2016-07-15 Thread Anant Sawant
Hi, Thanks for such a quick reply!! I am already running the web interface on http://127.0.0.1:9000 and I have not upgraded Graylog to this version I have installed a fresh release in

[graylog2] Re: Unble to get graylog webinterface

2016-07-15 Thread Jochen Schalanda
Hi Anant, according to your logs, the Graylog REST API and the Graylog web interface have been successfully started: 2016-07-15 16:38:00,442 INFO : > org.graylog2.initializers.WebInterfaceService - Started Web Interface at > > 2016-07-15 16:38:00,443 INFO : >

[graylog2] Graylog sporadically stops processing and fills up the journal

2016-07-15 Thread Dan Vaida
Hi guys, I'm running: Version: 1.3.2 (e7c49b6) (Hansa) JVM: PID 2039, Oracle Corporation 1.7.0_80 on Linux 3.2.0-4-amd64 On an EC2 c4.2xlarge box with >=1000 IOPS EBS allocated to GL. I had it running on a c4.4xlarge as well, with all cores and memory-sensitive params updated, but it didn't

[graylog2] Re: problem with certificate for HTTPS on the webinterface

2016-07-15 Thread 'Thomas Stather' via Graylog Users
Thanks a lot!! Best, Thomas On Friday, 15 July 2016 10:53:35 UTC+2, Jochen Schalanda wrote: > > Hi Thomas, > > the virtual machine appliances rely on the graylog-ctl script which will > regenerate the Graylog configuration from a template each time you run > graylog-ctl > reconfigure. > >

[graylog2] Re: problem with certificate for HTTPS on the webinterface

2016-07-15 Thread Jochen Schalanda
Hi Thomas, the virtual machine appliances rely on the graylog-ctl script which will regenerate the Graylog configuration from a template each time you run graylog-ctl reconfigure. Please take a look at

[graylog2] Re: Single Server Setup vs Multi Server

2016-07-15 Thread Jochen Schalanda
Hi Nathan, please take a look at https://www.graylog.org/tools/sizing-estimator for an educated guess about the hardware requirements for your environment. Cheers, Jochen On Thursday, 14 July 2016 19:46:24 UTC+2, Nathan Mace wrote: > > What is the amount of data inputted per day that you

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-15 Thread Jochen Schalanda
Hi Arief, On Friday, 15 July 2016 09:04:21 UTC+2, Arief Hydayat wrote: > > Just wondering if I continue using these current OVA with default setting > in indices is 2000 Max doc per index and current disk 200GB, how many > target server we can add-in to send messages to the Graylog? >

[graylog2] Re: Trouble Receiving Syslog Messages

2016-07-15 Thread Jochen Schalanda
Hi Nathan, On Thursday, 14 July 2016 19:38:20 UTC+2, Nathan Mace wrote: > > That said, how do I add the Raw/Plaintext input? I understand how to add > an input generally, but not one that is specifically for plain text. > There are several types of inputs in the System / Inputs page in the

[graylog2] problem with certificate for HTTPS on the webinterface

2016-07-15 Thread 'Thomas Stather' via Graylog Users
Hi I am using the Graylog 2.0 appliance and wanted to install my own certificate. I installed the certificate under /opt/certificates and added the following in my /opt/graylog/conf/graylog.conf: # The X.509 certificate chain file in PEM format to use for securing the web interface.

[graylog2] Re: Unable to create 2 file collectors with collector-side car due to logrotate error

2016-07-15 Thread Philippe Kernévez
In fact my solution is not working, I don't have an error in the configuration but I have only my first connector that is pushed in the nxlog conf. I'm using the version 0.0.8. On Friday, 15 July 2016 09:38:16 UTC+2, Philippe Kernévez wrote: > > Hi, > > I'm using the graylog OVA with ubuntu

[graylog2] Unable to create 2 file collectors with collector-side car due to logrotate error

2016-07-15 Thread Philippe Kernévez
Hi, I'm using the graylog OVA with ubuntu 14.04 servers. I defined 2 file collectors of type NXLog file input collectors. With the same tag 'django'. When I configure the django tag on a server I had the following error: 2016-07-14 22:20:22 ERROR module 'logrotate' is already defined at

Re: [graylog2] Graylog slow processing.

2016-07-15 Thread Jan Doberstein
Hej Hema, On 14 July 2016 at 21:05:58, Hema Kumar (vhs...@gmail.com) wrote: > I am left with no options, any suggestions would be great. I guess you did not see the second part of my last message > On Monday, July 11, 2016 at 1:27:46 PM UTC+5:30, Jan Doberstein wrote: > > Did you check the

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-15 Thread Arief Hydayat
Hi Jochen, Just wondering if I continue using these current OVA with default setting in indices is 2000 Max doc per index and current disk 200GB, how many target server we can add-in to send messages to the Graylog? I think it can't handle many also, as far I check message coming from 3

Re: [graylog2] Re: Extractor help - domain name only

2016-07-15 Thread Zoizo
Ok I have resolved the problem (it seems). I created two extractors, one with the condition "matches regular expression" *GET [a-z]+://[^/]+\.([^/]+\.[^/]+)/* and the other with *GET [a-z]+://[a-zA-Z0-9]{1,1000}.[a-zA-Z0-9]{2,4}/.* Both under the same field name. It didn't create two of the same