We have recently started seeing this in our graylog collector server. I've
searched through threads of others reporting this issue but none of them
seems to apply. Namely, NTP service is running for all nodes and synced to
the same local server. I also bumped up the resources for the collector
Hello Jochen,
I have no special extractors running. Maybe I can send you the real (not
anonymized) XML in a private way? To me it seems like it is a special
sequence in that XML that is causing this. I will try to reproduce it first
by myself.
The message that shows the shortened XML is still
Hi All,
Let's say we send a query and search a couple of records, now we would like
to retrieve the original text message. Does Graylog keep the original copy
of the log message?
In addition, the disk based journal seems to keep some data, but not
completely visible. Are those the copy of the
Hi Jochen,
What is strange about it is that the "Stream" rules apparently work with
the field "log_message", but a search query does not work.
I send a raw Elastic query and still not much information about why it is
not working.
The custom mapping is useful if the data type is not the
Hi Wayne,
On Wednesday, 19 October 2016 17:36:10 UTC+2, Wayne wrote:
>
> Is there additional configuration that is required to ensure all the
> extracted fields to be searchable?
>
See
http://docs.graylog.org/en/2.1/pages/configuration/elasticsearch.html#custom-index-mappings
for details.
Hi All,
I configured a couple of Extractors to extract fields from the log message.
Some fields can be searched, but others can not be searched.
Example:
I have a field called "level" (log level) and it can be searched. I can
also see this field listed as a property in search index
Hi Benbrahim,
see https://github.com/Graylog2/graylog-guide-syslog-linux#readme for
instructions on how to configure rsyslog or syslog-ng to forward logs to
Graylog.
Cheers,
Jochen
On Wednesday, 19 October 2016 15:30:06 UTC+2, Benbrahim Anass wrote:
>
> Hello
> I'm wondering if it is possible to
Hello
I'm wondering if it is possible to redirect all /var/log/message of a
syslog server to a distant graylog server
Thanks a lot
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from
Hi Anant,
On Wednesday, 19 October 2016 14:43:39 UTC+2, Anant Sawant wrote:
>
> I would like to delete logs of system A for a particular date.
>
> So is it possible to know in which indices the logs from System A are
> stored and remove those particular indices/logs on a particular date?
>
That's
Hi Wayne,
On Wednesday, 19 October 2016 15:07:07 UTC+2, Wayne wrote:
>
> It is stated in 2.1 document that Kafka and RabbitMQ can be configured as
> transport queue.
>
> What are the use cases/scenarios which we need to do the above
> configuration considering Graylog already has its own way to
Hi Shane,
On Wednesday, 19 October 2016 14:04:32 UTC+2, Shane wrote:
>
> We have seen this server have issues in the past - typically due to the
> Graylog not handling having more than one eth interface well at all.
>
>
So, what did you do in the past to solve this issue?
By the way, Graylog
Hi Shane,
On Wednesday, 19 October 2016 14:04:32 UTC+2, Shane wrote:
>
> The server was updated using:
>
> $ wget https://packages.graylog2.org/releases/graylog-omnibus/ubuntu/graylog_latest.deb
> $ sudo graylog-ctl stop
> $ sudo dpkg -G -i graylog_latest.deb
> $ sudo graylog-ctl reconfigure
Hi Jochen,
It is stated in 2.1 document that Kafka and RabbitMQ can be configured as
transport queue.
What are the use cases/scenarios which we need to do the above
configuration considering Graylog already has its own way to persist the
messages?
Thanks,
Wayne
On Wednesday, October 19,
Hi Graylog Team
We have a single instance of graylog running with single node.
We have pointed two sensors (two systems) via syslog udp to graylog. When I
do a search in all messages it shows 42 million events searched in three
indices namely
graylog2_0
graylog2_1
graylog2_2
Now
It's difficult to provide more details when there are no errors at all in
any of the logs, with the only indication of the issue being the text
"Graylog is restarting...
There is no Graylog web application running at the moment, please reload
this page in a minute. It can take up to 1-2
Hi Shane,
On Wednesday, 19 October 2016 13:43:23 UTC+2, Shane wrote:
>
> Same thing for me on the 2.1.1 after attempting an upgrade from 2.1.0. No
> logs of any value and just a message "Graylog is restarting..." -
> struggling to see the value in this product. `graylog-ctl tail` also of no
>
Same thing for me on the 2.1.1 after attempting an upgrade from 2.1.0. No
logs of any value and just a message "Graylog is restarting..." -
struggling to see the value in this product. `graylog-ctl tail` also of no
use.
On Thursday, 28 July 2016 09:15:17 UTC+1, Jochen Schalanda wrote:
>
> Hi
Hi Wayne,
Graylog writes messages into a disk journal once they have been received
and will only remove them from the journal again if they've been
successfully indexed into Elasticsearch.
Cheers,
Jochen
On Tuesday, 18 October 2016 18:41:50 UTC+2, Wayne wrote:
>
> Hi All,
>
> I would
Hi Robby,
I cannot reproduce your problem.
I've created a GELF UDP input on an installation of Graylog 2.1.1 and sent
a GELF message to it with the XML example from your first email in the
full_text message field.
Everything has been ingested and is being shown as intended (i.e. unparsed
Hi,
On Wednesday, 19 October 2016 10:17:59 UTC+2, mani...@qrsolutions.in wrote:
>
> And now only I notice that Pfsense log doesn't contain any (log/lat) geo
> values. Is it possible to create a map without geo values?
>
No, that's not possible and that's exactly what the GeoIP Processor is for.
Just an update. I restored the server from backup and reapplied the update
without doing a sudo apt-get update and upgrade. The process failed at the
same point. Service still down.
On Tuesday, 18 October 2016 11:47:43 UTC+1, Jochen Schalanda wrote:
>
> Hi Nathaniel,
>
> what exactly
any news on this?
Hi,
Please find the details below.
And now only I notice that Pfsense log doesn't contain any (log/lat) geo
values. Is it possible to create a map without geo values?
Thanks Jochen for the reply,
What I meant is that I already have a syslog server gathering logs from
different equipment in my network (routers, switches, other servers..).
The idea is to forward those logs to the graylog without the need of
reconfiguring everything to work with graylog
Le
Thanks Jochen for the reply,
What I meant is that I already have a syslog server gathering traffic from
different equipment in my network (routers, switches, other servers..).
The idea is to forward that traffic to the graylog without the need of
reconfiguring everything to work with graylog
On Wednesday, 19 October 2016 08:54:36 UTC+2, Benbrahim Anass wrote:
>
> Hi everyone,
> I have a question, well, I have a syslog server already configured, I'm
> wondering if it is possible to forward the existing log file on the server
> toward the Graylog server.
> thanks
>
Hi Wayne,
On Tuesday, 18 October 2016 20:01:11 UTC+2, Wayne wrote:
>
> The problem is that when an alert email is sent, the Date is showing UTC
> time.
>
Yes, that's intentional. The alert emails aren't linked to any Graylog
user, so it's not possible to use the configured timezone of any
Hi Benbrahim,
most syslog daemons support sending logs to remote locations, so take a
look at https://github.com/Graylog2/graylog-guide-syslog-linux#readme for
information on how to configure rsyslog and syslog-ng to work with Graylog.
If you have only some log files and want to send them to
Hi everyone,
I have a question, well, I have a syslog server already configured, I'm
wondering if it is possible to forward the existing log file on the server
toward the Graylog server.
thanks
29 matches