[graylog2] NGINX Proxy reports "upstream response is buffered to a temporary file" erros when accessing Graylog

Hi Graylog Users, I've been running Graylog for some month now and lately I noticed delays of displaying the Graylog UI (even the login-page) when accessing it thru the NGINX proxy. The NGINX proxy is configured as explained in the Graylog documentation

[graylog2] Split message without drools

I us 2.1.2 GL and need to split message by spaces and then split second item in result by '='. I can not find split in my release of GL. I can write Drools rule for that but is it possible to do it without Drools? Eugene -- You received this message because you are subscribed to the Google

[graylog2] Filebeats collector only one output or multiple extractors on the same input

Hello Guys, Till today I just notice there is no chance to have multiple host or inputs configured into the filebeats collector. My main issue is that i will need to receive different log formats from the same server, my plan was to send each log into different port( inputs) in order to

[graylog2] is there a plugin for Azure/365live logging?

Hi there Our company is starting to get into Azure a bit and I'm wanting to ensure the standard activity logs/etc generated in that environment flow into graylog. We are already in AWS and there's an existing AWS logging plugin for graylog to poll AWS for such logging, so I was wondering if

[graylog2] Adding Graylog node

I'm stuck. I have deployed a cluster with 1 Graylog node + 2 ElasticSearch nodes. This is all working well. My question is how do you add another graylog node? What are the steps/configuration changes that need to be made. After much searching and trying different options I have found

[graylog2] Looking for experienced Gralogger

Hey everyone, We are looking for an experienced Graylogger who can help us configure our Graylog server (which is currently just the default AWS image) and adjust it as necessary to deal with the not very heavy load we will be throwing at it, as well as giving it a once over to check that

[graylog2] Re: Using custom fields in drool rules

Hi Anant, On Tuesday, 10 January 2017 15:52:05 UTC+1, Anant Sawant wrote: > > Q1. Is it possible to use custom fields into drool rules. > Q2. If possible where can I find the docs which tells how to do it. > Yes, you can use custom fields in Drools rules, but you have to use the getField()

Re: [graylog2] Graylog needs a good acronym

YAKS could be Yet Another Kinesthetic System? I don't know, I think GELF is the log format and shouldn't be easily confused with the application stack, which of course is Graylog, Elasticsearch, MongoDB and whatnots. GULP == Graylog Ultimate Logging Platform On Tuesday, January 10, 2017 at

Re: [graylog2] Graylog needs a good acronym

It already has its own acronym of GELF, Graylog Extended Log Format. I sometimes shorten Graylog to GL when discussing it with people familiar with it. How about GRAY = General Redundant Array of Yaks > On Jan 10, 2017, at 10:54 PM, BKeep wrote: > > this is pretty

[graylog2] Using custom fields in drool rules

Hi, I am trying to execute drool rules using some of the fields which I have created using extractors, but the drool rule fails to execute. I have created a field named month which extracts the month name from log, Below is the rule "Rewrite month" I am trying to execute. FYI the "Rewrite

[graylog2] Re: How do I set stopwords in server.conf

haha, the template I created has an order 0, default template is -n, so they are combined. Still Thank you~~ Let me keep trying~ 在 2017年1月10日星期二 UTC+8下午10:19:38，Jochen Schalanda写道： > > Hi, > > On Tuesday, 10 January 2017 14:39:35 UTC+1, Zhiyuan Lei wrote: >> >> Then I generate a new

[graylog2] Re: How do I set stopwords in server.conf

Hi, On Tuesday, 10 January 2017 14:39:35 UTC+1, Zhiyuan Lei wrote: > > Then I generate a new index, It doesn't take affect. > As described in the documentation, you cannot overwrite or modify the Graylog index template but have to create a new index template with a higher priority ("order").

[graylog2] Re: How do I set stopwords in server.conf

I copied the graylog-internal template. and upload a custom graylog template ,and only add one row like these { "order": 0, "template": "graylog_*", "settings": { "index": { "analysis": { "analyzer": { "analyzer_stop": { "filter": {

[graylog2] Re: How do I set stopwords in server.conf

http://docs.graylog.org/en/2.1/pages/configuration/elasticsearch.html#custom-index-mappings Thank you very much, I will try this. 在 2017年1月10日星期二 UTC+8下午6:01:46，Jochen Schalanda写道： > > Hi, > > On Tuesday, 10 January 2017 09:56:55 UTC+1, Zhiyuan Lei wrote: >> >> but graylog doesn't have an option

[graylog2] Re: How do I set stopwords in server.conf

Hi, On Tuesday, 10 January 2017 09:56:55 UTC+1, Zhiyuan Lei wrote: > > but graylog doesn't have an option to set the pattern. It only can set > elasticsearch_analyzer. > Correct, but you can use custom index templates for this, see

[graylog2] Re: Pipeline - Stream - Syslog output and customized messages

No one? :( On Friday, January 6, 2017 at 6:24:18 PM UTC+1, Frank wrote: > > Thanks for your reply, but that's not what I'm trying to do. > > I've got a pipeline with some rules that add some fields and remove some > fields. > The pipeline is connected to a custom stream, not the default stream.

[graylog2] Re: How do I set stopwords in server.conf

but graylog doesn't have an option to set the pattern. It only can set elasticsearch_analyzer. I just want split them into words, like a or b or c , so I can query by the simple word quickly. extractors seem not fit with this situation. 在 2017年1月10日星期二 UTC+8下午4:43:13，Jochen Schalanda写道： > >

[graylog2] Re: Ideal multi-node VM setup on AWS

Hi Wells, On Tuesday, 10 January 2017 01:06:52 UTC+1, we...@littlstar.com wrote: > > First, I'm wondering how the extra MongoDB instance works with the > graylog-ctl script. In the documentation, it only specifies how to set up a > data node or a server node, not a MongoDB-only node. Should I

[graylog2] Re: How do I set stopwords in server.conf

Hi, you could probably use the pattern analyzer to split the message terms but that would of course impact all ingested messages, not just the ones you've mentioned as an example. If these fields

Re: [graylog2] Re: API token different response

Hi I restarted the servers, and the web interface shows the API token auth was disabled. I have checked befor the restart and it was enabled, so I think some caches played with me. Now it is working. Regards, Norbert 2017-01-09 16:18 GMT+01:00 Jochen Schalanda : > Hi