[graylog2] Re: nxlog issue after some time sending logs properly

2016-07-25 Thread Steve Kuntz
Switching to TCP helped. On Monday, July 4, 2016 at 3:25:05 PM UTC-4, Steve Kuntz wrote: > > Hello All, > > I'm running the following on CentOS and am having issues with nxlog. > > collector-sidecar-0.0.8-1.x86_64 (Centos 6.5) > nxlog-ce-2.9.1504-1.x86_64 (Centos 6.5) >

[graylog2] Re: mongod process using over 100% CPU slowing down graylog

2016-07-25 Thread Ariel Godinez
Hello Jochen, I am using WiredTiger and am not seeing any unusual messages in the mongod.log file, even when the mongod CPU usage spikes. Below are the top five collections in the graylog db, the sizes (in bytes) don't seem out of this world (to me at least).

[graylog2] Requesting help with setting up ssl with graylog 2.0.2. Error in getting pkcs5.pem key properly

2016-07-25 Thread ironmanmk42
Env: graylog 2.0.2 / elasticsearch 2.3.2 RHEL 6.8 So I have followed the graylog https setup here http://docs.graylog.org/en/latest/pages/configuration/https.html and followed along to create a keystore, creating a self-signed cert and converting it to PKCS5 and exporting it out to a cert

[graylog2] Web UI Output Indicator Bug (perhaps?)

2016-07-25 Thread Ryan Gelston
Hello Graylog Users, I recently set up an instance of Graylog on an EC2 instance. I've modified the conf file to set up admin accounts, port bindings for the web UI and REST API, mongodb, elasticsearch, and email alerts. I notice that when I send Graylog a GELF log over UDP, it shows in the

[graylog2] Re: Extract multiple parts of the message in to one field

2016-07-25 Thread Steve Kuntz
For anyone who was wondering how to do this, I was able to do it with a "Replace with regular expression" Extractor On Friday, July 8, 2016 at 9:09:19 AM UTC-4, Steve Kuntz wrote: > > Hi, > > I have a message like below and I would like to extract the > lat=111=222 into a single field that I

[graylog2] When to scale resources for Graylog???

2016-07-25 Thread robertocarna36
People, I have a Graylog 1.3 server in just one Linux box (Debian 8), so I mean I have one Elasticsearch node. Nowadays I'm receiving about 4000/6000 logs/second. I had to increase the memory heap size of JVM, and used CPU x 10 and RAM x 40GB and after that everything seems OK, because I

[graylog2] Re: Disk Journal / Kafka Input / Throttling

2016-07-25 Thread Jochen Schalanda
Hi Eli, Graylog should already throttle message consumption from an external Kafka broker if processing cannot keep up and the disk journal and the processing buffer are running full. Cheers, Jochen On Wednesday, 20 July 2016 04:10:36 UTC+2, Eli Jordan wrote: > > Thanks for the clarification

[graylog2] Re: mongod process using over 100% CPU slowing down graylog

2016-07-25 Thread Jochen Schalanda
Hi Ariel, MongoDB shouldn't need much processing power when being used by Graylog. Are there any error messages in the logs of your MongoDB nodes? Are there any unusually large collections in the MongoDB database used by Graylog? Which MongoDB storage engine (MMAPv1, WiredTiger) are you using?

[graylog2] Re: Several indices from 1 and 2 hours ago

2016-07-25 Thread Jochen Schalanda
Hi Roberto, this issue has been fixed in Graylog 1.3.4: https://github.com/Graylog2/graylog2-server/pull/1693 Cheers, Jochen On Monday, 25 July 2016 17:00:18 UTC+2, roberto...@gmail.com wrote: > > Dear Jochen, I'm using this Graylog version on a Debian 8 server: > > graylog-server

Re: [graylog2] graylog-collector-sidecar issue

2016-07-25 Thread Marius Sturm
Don't forget to set the 'apache' tag on the top of the page and press 'Update tags' On 25 July 2016 at 17:15, Marius Sturm wrote: > The defaults are pretty fine for a first test. Create a NXLog Gelf output > with the IP and port of your Graylog's Gelf Input (typically

Re: [graylog2] graylog-collector-sidecar issue

2016-07-25 Thread Marius Sturm
The defaults are pretty fine for a first test. Create a NXLog Gelf output with the IP and port of your Graylog's Gelf Input (typically Graylog's server IP and port 12201). Then create a NXLog file input and connect it with the output from above by setting the 'Forward to' drop-down. Set the right

[graylog2] Re: Several indices from 1 and 2 hours ago

2016-07-25 Thread robertocarna36
Dear Jochen, I'm using this Graylog version on a Debian 8 server: graylog-server 1.3.3-1 all Graylog server graylog-web 1.3.3-1 all Graylog web My indices configuration in

[graylog2] Get notice/next action from the Dashboard for message that we need (Warning, Error & Critical messages)

2016-07-25 Thread Arief Hydayat
Hi everyone, First of all I would like to say many thanks for your support. Especially Jochen and Marius. I'm still exploring the Graylog. Just created a simple dashboard so that I can see the visual data. Just wondering, from the Dashboard that I've created is to sort by Level. So if I get

Re: [graylog2] graylog-collector-sidecar issue

2016-07-25 Thread Marius Sturm
Hi Tony, you have to create a configuration for the sidecar first. Go to 'Manage configurations' on the collectors page and set up the needed inputs and outputs of your nxlog instance. Cheers, Marius On 25 July 2016 at 15:56, Tony wrote: > Hello everybody, > I would like

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-25 Thread Arief Hydayat
Hi Jochen, Thanks for the URLs link. Let me read and understand it. Seems the first link is great read for newbie like me. :-) On Mon, Jul 25, 2016 at 9:30 PM, Jochen Schalanda wrote: > Hi Arief, > > please refer to >

[graylog2] Re: Several indices from 1 and 2 hours ago

2016-07-25 Thread Jochen Schalanda
Hi Roberto, which exact version of Graylog are you using? There were some versions of Graylog which would rotate the indices on startup if the time-based rotation strategy was being used, even if they shouldn't be rotated according to their age. Would it be feasible for you to upgrade to

[graylog2] Several indices from 1 and 2 hours ago

2016-07-25 Thread Roberto Carna
Dear, I've cloned a Graylog 1.3 virtual machine with its corresponding indices, to a new one. This new one Graylog virtual machine started with the same indices, and after that I've deleted some of them. But today I was analyzing the Graylog options, and I realized that the indices don't respond

Re: [graylog2] How to remove Graylog set-external-ip

2016-07-25 Thread Arief Hydayat
Hi Marius, Thanks for your reply. I did remove the line that you've mentioned. Everything working fine thru the internal IP now. Once again thanks a lot. On Mon, Jul 25, 2016 at 4:25 PM, Marius Sturm wrote: > HI, > you can reset the setting by deleting the line

[graylog2] graylog-collector-sidecar issue

2016-07-25 Thread Tony
Hello everybody, I would like to send my apache2 log files from a remote server to graylog server. Actually I am using graylog-collector-sidecar on Debian 7 and my configuration files are: collectoe_sidecar.yaml--- erver_url: http://10.5.10.242:12900 node_id:

Re: [graylog2] Re: Graylog /var parition always increases

2016-07-25 Thread Roberto Carna
Dear, following your requests I have this...thanks in advance: 1) Output of curl http://localhost:9200/_cat/indices?v health status index pri rep docs.count docs.deleted store.size pri.store.size green open graylog2_67 4 045889570 1.5gb 1.5gb green open

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-25 Thread Jochen Schalanda
Hi Arief, please refer to https://www.elastic.co/de/blog/elasticsearch-storage-the-true-story-2.0 and https://www.elastic.co/guide/en/elasticsearch/reference/2.3/index-modules.html#_static_index_settings for details about the Lucene compression codecs and disk space requirements for

Re: [graylog2] Feature request - SSL validator as an option

2016-07-25 Thread Jan Doberstein
Hej Mathieu, I have upgraded my platform to Graylog 2.0.3 and changed some configuration items and my reverse proxies to use both the web interface and the REST one. As a consequence the web interface now uses a signed SSL certificate (https://graylog.example.com) and the webservices

[graylog2] Feature request - SSL validator as an option

2016-07-25 Thread Grzybek Mathieu CNE (GAE BCQ STIG CTGN)
Dear all, I have upgraded my platform to Graylog 2.0.3 and changed some configuration items and my reverse proxies to use both the web interface and the REST one. As a consequence the web interface now uses a signed SSL certificate (https://graylog.example.com) and the webservices gateway

[graylog2] Proffesional support query

2016-07-25 Thread Anant Sawant
Hi, I went through the Graylog professional support information at "https://www.graylog.org/professional-support" and have the following queries regarding the professional support provided for Graylog. Q1. Does the professional support include consultation, issue resolving in regards to

[graylog2] Re: Changing map theme for geolocation

2016-07-25 Thread Aykisn
Thought as much ^^ Thank you, will do. On Monday, July 25, 2016 at 12:28:15 PM UTC+4, Jochen Schalanda wrote: > > Hi Aykisn, > > that's currently not possible but feel free to open a feature request for > this at https://github.com/Graylog2/graylog-plugin-map-widget/issues. > > Cheers, > Jochen

[graylog2] Re: Input shows running but no messages getting retrieved

2016-07-25 Thread Jochen Schalanda
Hi Thara, I think your rsyslog configuration is incorrect. "." will not match any messages, I think you mean "*.*" instead. Please refer to https://github.com/Graylog2/graylog-guide-syslog-linux/blob/master/README.md#rsyslog for instructions how to configure rsyslog. Cheers, Jochen On

[graylog2] Re: Changing map theme for geolocation

2016-07-25 Thread Jochen Schalanda
Hi Aykisn, that's currently not possible but feel free to open a feature request for this at https://github.com/Graylog2/graylog-plugin-map-widget/issues. Cheers, Jochen On Monday, 25 July 2016 08:11:05 UTC+2, Aykisn wrote: > > Hello, > > I am using the free GeoLite2 database and I was

[graylog2] Re: Removing some help messages on the web interface

2016-07-25 Thread Jochen Schalanda
Hi Aykisn, those hints can currently not be removed without forking Graylog and modifying the web interface yourself. Cheers, Jochen On Monday, 25 July 2016 09:24:39 UTC+2, Aykisn wrote: > > Hello, > > I didn't find any info on this. I was wondering if there was any way to > remove some of the

Re: [graylog2] How to remove Graylog set-external-ip

2016-07-25 Thread Marius Sturm
Hi, you can reset the setting by deleting the line `external_rest_uri...` in /etc/graylog/graylog-settings.json. Afterwards run graylog-ctl reconfigure. Cheers, Marius On 25 July 2016 at 09:41, Arief Hydayat wrote: > Hi everyone, > > Need your help. As I saw in the

[graylog2] has anyone got a plugin for reading Google Apps APIs?

2016-07-25 Thread Jason Haar
Hi there We're using Google Apps and I can see a wide range of VERY interesting audit information I'd love to flow into graylog: successful/failed login events, gdrive transaction logs, admin events, etc. Sort of the Google Apps equivalent of AWS CloudTrails They have an API and with my poor

[graylog2] How to remove Graylog set-external-ip

2016-07-25 Thread Arief Hydayat
Hi everyone, Need your help. As I saw in the graylog-ctl script, I found command to bind Graylog server with the external IP: sudo graylog-ctl set-external-ip http[s]://:port/ Now I need to remove that setting. How I can do that? Simply by these command? sudo graylog-ctl set-external-ip

[graylog2] Changing map theme for geolocation

2016-07-25 Thread Aykisn
Hello, I am using the free GeoLite2 database and I was wondering if there was any way to change the default map theme we have in the graylog user interface please? Thanks.

[graylog2] Change map themes for geolocation ?

2016-07-25 Thread Aykisn
Hello, I am using the free GeoLite2 city geolocation database, and I was wondering if there w