[graylog2] Re: remote sites / servers

2016-04-13 Thread Jochen Schalanda
Hi Damien, Is there a secure way to send logs from these remote offices? > You can either create a VPN spanning those remote offices and your data center (or wherever Graylog is running) or use pretty much any log shipper supporting TLS (e. g. nxlog, filebeat/winlogbeat, rsyslog, or the

[graylog2] Re: Chart treats no sample as 0

2016-04-13 Thread Jochen Schalanda
Hi Paweł, please see https://github.com/Graylog2/graylog2-web-interface/issues/1621 for a related issue on GitHub and feel free to subscribe to it to follow its progress. Cheers, Jochen On Tuesday, 12 April 2016 19:10:39 UTC+2, Paweł Lampe wrote: > > Hi, > > I am using graylog v1.3.4, and I

[graylog2] Re: Can I convert a field from string to integer?

2016-04-13 Thread Jochen Schalanda
Hi Ryan, Elasticsearch tries to be smart about the types of document fields if no explicit mapping was provided. In this case, it assumes that those fields are strings. Since this dynamic mapping is applied on a per-index base, rotating the index (see System -> Indices -> Maintenance in the

[graylog2] Re: Load Balancer health check with Big-IP F5

2016-04-13 Thread Jochen Schalanda
Hi Marty, the second CRLF is required by the HTTP/1.0 and HTTP/1.1 protocols, so it's not broken but simply as specified (see https://tools.ietf.org/html/rfc7230#section-3 for details). If you really want to use netcat for that stuff instead of a proper HTTP client like curl, you'll have

[graylog2] Re: JSON extractor joining array values?

2016-04-09 Thread Jochen Schalanda
Hi, joining the JSON array into a single field is one of the purposes of the JSON extractor in Graylog. Graylog currently only supports flat JSON structures (e. g. no objects and no arrays). Cheers, Jochen On Friday, 8 April 2016 15:44:28 UTC+2, Scipio wrote: > > I'm running Graylog 1.3.4,

[graylog2] Re: Check disk usage

2016-04-12 Thread Jochen Schalanda
> Please do you have any idea how to configure journal size or other > parameters in order to treat this big number. > > Journal is being full quickly so Graylog seems blocked and I can't find > anything in "Search" tab or in the customised dashboard. > > > > Le

[graylog2] Re: installed marvel - now seemed to have corrupted entire graylog db

2016-04-12 Thread Jochen Schalanda
Hi Jason, what's your Graylog and Elasticsearch configuration? Are there any error messages in the logs of either Graylog or Elasticsearch? Cheers, Jochen On Monday, 11 April 2016 07:15:17 UTC+2, Jason Haar wrote: > > Hi there > > Over the weekend I installed the ES marvel diagnostics package

[graylog2] Re: Graylog-web time range problem

2016-04-12 Thread Jochen Schalanda
Hi Hasan, which timezone did you configure for the logged in Graylog user? How exactly are you ingesting logs (GELF, syslog, or other inputs)? Are you sure they come with a proper timestamp (e. g. ISO 8601, including a timezone)? Cheers, Jochen On Tuesday, 12 April 2016 14:34:06 UTC+2, hasan

[graylog2] Re: Grok pattern convert to int

2016-04-12 Thread Jochen Schalanda
Hi Alexey, FWIW, that's a limitation of the dynamic mapping in Elasticsearch. If you want to provide a fixed schema for your data, take a look at https://www.elastic.co/guide/en/elasticsearch/reference/1.7/mapping.html and

[graylog2] Re: Web Interface Certificate differences from v1 and v2

2016-04-12 Thread Jochen Schalanda
Hi Drew, you're right, the migration path from Graylog 1.x to 2.x isn't very clearly documented yet. We'll eventually fix that once Graylog 2.0.0 has been released. The private key has to be in PKCS#8 format stored as PEM (not DER). The X.509 certificate also has to be stored in PEM

[graylog2] Re: Graylog-web time range problem

2016-04-12 Thread Jochen Schalanda
ut timestamp column and search box time is false. if you > wanna any configuration field or screenshot I can show you. I'm looking > for in the following way. Keyword time frame selector. like this is "4 > hours ago". But preview is false. > > Cheers, > Hasan > >

[graylog2] Re: Cannot access web-interface with preset login/password

2016-04-11 Thread Jochen Schalanda
Hi Milo, it seems like you're using Windows line terminators ('\r\n') in your configuration file. $ cat -v server.conf.txt | grep root_password_sha2 root_password_sha2=5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8^M Although that shouldn't make a difference, please try

[graylog2] Re: [Export CSV] full_message field

2016-03-19 Thread Jochen Schalanda
Hi, it looks like there are simply no messages which contain a full_message field in your database, which is fine since that's an optional field. What exactly do you want to achieve? Cheers, Jochen On Thursday, 17 March 2016 09:23:24 UTC+1, kaiser wrote: > > Hello Jochen, > > Yes that s what

[graylog2] Re: [ANNOUNCE] Graylog v2.0-alpha.5 has been released

2016-03-19 Thread Jochen Schalanda
Hi Vikram, we currently plan to release Graylog 2.0.0 sometime in April 2016. You can help us speed up the process by extensively testing the Graylog 2.0.0 alpha and (upcoming) beta versions. Cheers, Jochen On Friday, 18 March 2016 12:59:26 UTC+1, Vikram Babu wrote: > > When can we expect

[graylog2] Re: [Export CSV] full_message field

2016-03-19 Thread Jochen Schalanda
Hi, the functionality is still there. Keep in mind, that the list in the "Fields" section only shows field names of the messages found with your current search query. Click on "all fields" below the list of fields to get a list of all fields of all messages. This should also contain the

[graylog2] Re: Graylog2 v1.3.2 - 2 errors - 401 Unauthorized body and cannot parse message, encountered ":"

2016-03-19 Thread Jochen Schalanda
Hi, the first error is being caused by an invalid Lucene query. The colon character (":") is a reserved character which must be escaped properly (see https://www.elastic.co/guide/en/elasticsearch/reference/1.7/query-dsl-query-string-query.html#_reserved_characters). Since the error is caused

[graylog2] Re: [ANNOUNCE] Graylog v2.0-alpha.5 has been released

2016-03-19 Thread Jochen Schalanda
Hi, you're running the Anonymous Usage Statistics plugin in an incompatible version. Please use the Anonymous Usage Statistics plugin that is shipped with Graylog 2.0.0-alpha.5. Cheers, Jochen On Friday, 18 March 2016 20:40:23 UTC+1, fanirama wrote: > > Hi, > Getting an error starting

[graylog2] Re: Newb Question - Graylog and Alarm script actions

2016-03-19 Thread Jochen Schalanda
Hi Jason, there are some 3rd party plugins which allow executing external scripts or processes in various conditions: - https://github.com/dfch/biz.dfch.j.graylog2.plugin.alarm.execscript - https://github.com/dfch/biz.dfch.j.graylog2.plugin.input.execscript -

[graylog2] Re: [Disk Journal] Deletion

2016-03-19 Thread Jochen Schalanda
Hi, you can't delete individual messages from the journal (at least not easily). Cheers, Jochen On Thursday, 17 March 2016 09:25:35 UTC+1, kaiser wrote: > > Ok thank you Jochen. > > if I delete some events in the journal files by filtering only on a > specific host, would it be safe? > >

[graylog2] Re: Delete messages with syslog level 7

2016-03-19 Thread Jochen Schalanda
Hi Steve, please refer to https://www.elastic.co/guide/en/elasticsearch/guide/1.x/query-dsl-intro.html for an introduction to the Elasticsearch Query DSL. Keep in mind, that the "message" field is not the query you'd enter in the Graylog web interface. For example there is a separate "level"

[graylog2] Re: [CSV separator]

2016-03-22 Thread Jochen Schalanda
Hi, you'd have to add a CSV converter per extractor, but that's most probably not what you want to do in the first place. The CSV converter is expanding CSV lines into multiple fields but it cannot be used for exporting data. Cheers, Jochen On Tuesday, 22 March 2016 08:45:45 UTC+1, kaiser

[graylog2] Re: Application log access

2016-03-22 Thread Jochen Schalanda
Hi Sikender, please refer to http://docs.graylog.org/en/1.3/pages/sending_data.html for the documentation on how to get data into Graylog. Cheers, Jochen On Tuesday, 22 March 2016 05:55:02 UTC+1, sikender...@acesred.com wrote: > > Hi All, > > I have a application in my linux machine with some

[graylog2] Re: Launch Script by stream

2016-03-22 Thread Jochen Schalanda
Hi, you could try to make use of this 3rd party plugin to do this: https://github.com/dfch/biz.dfch.j.graylog2.plugin.alarm.execscript Cheers, Jochen On Tuesday, 22 March 2016 10:59:06 UTC+1, KabDriver wrote: > > Hi, is it a way to launch a script on another server when a stream is >

[graylog2] Re: Delete messages with syslog level 7

2016-03-22 Thread Jochen Schalanda
68.10.15:9200/graylog2_*/_search?pretty=true; -d "${RANGE}" > echo $RANGE > > but it's not works, i have this error > > "error" : "TypeMissingException[[_all] type[[_search]] missing: No index > has the type.]", > "status" : 404

[graylog2] Re: A lot of error on Graylog-web

2016-03-23 Thread Jochen Schalanda
Hi Scarlet, those messages are usually caused by clients (i. e. web browsers) whose session timed out (thus the 401 HTTP response status) but still have a tab with the Graylog web interface opened which tries to update the throughput metrics. They can usually be ignored. Cheers, Jochen On

[graylog2] Re: missing wizard

2016-03-23 Thread Jochen Schalanda
Hi Senthil, please refer to http://docs.graylog.org/en/1.3/pages/getting_started/create_dashboard.html for the documentation about how to add widgets/charts to dashboards in Graylog. Cheers, Jochen On Wednesday, 23 March 2016 11:14:17 UTC+1, senthil kumar wrote: > > The search results are

[graylog2] Re: Error during log reading

2016-03-24 Thread Jochen Schalanda
.java > :108) > at > org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker > .java:42) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at > java.util.concurrent.ThreadPoolExecut

[graylog2] Re: Problem with the connection from graylog to elascticsearch

2016-03-24 Thread Jochen Schalanda
Hi Jonas, we've heard about some strange incompatibilities when running Graylog on SLES (mostly SLES 12, but nonetheless). Maybe you could try running it on a supported platform like Ubuntu 14.04 LTS or CentOS 7 or even use our official virtual machine appliances:

[graylog2] Re: Message's Source Address replaced by Load Balancer NAT'd IP

2016-03-24 Thread Jochen Schalanda
Hi Marcio, if you're using the GELF protocol, you can simply provide the host name of the originating system in the host attribute of the GELF messages (see http://docs.graylog.org/en/2.0/pages/gelf.html#gelf-format-specification). For any other protocol, you'll have to put the originating

[graylog2] Re: Analyse app usage

2016-03-24 Thread Jochen Schalanda
Hi Hannes, while Graylog isn't per se the ideal tool for this, you might get some ideas from this article: https://medium.com/@zexxon/mobile-app-analytics-made-easy-f95d0045129a In order to provide analytics, your application of course has to send all the necessary information to Graylog.

[graylog2] Re: [ANNOUNCE] Graylog v2.0-beta.1 has been released

2016-03-25 Thread Jochen Schalanda
Hi Arie, make sure to read the upgrade notes for Graylog 2.0.0-beta.1 at https://github.com/Graylog2/graylog2-server/blob/2.0.0-beta.1/UPGRADING.asciidoc#upgrading Cheers, Jochen On Thursday, 24 March 2016 22:53:24 UTC+1, Arie wrote: > > Super, > > Are there some guidelines on upgrading from

[graylog2] Re: [CSV separator]

2016-03-21 Thread Jochen Schalanda
Hi, On Monday, 21 March 2016 11:56:09 UTC+1, kaiser wrote: > > Graylog converter is a graylog plugin? > No, it's a built-in converter to be used with incoming messages (as part of an extractor chain). Cheers, Jochen -- You received this message because you are subscribed to the Google

[graylog2] Re: graylog2 - UDP syslog input receiving messages but not visible in show all messages

2016-03-21 Thread Jochen Schalanda
Hi Charles, it would be nice if you could reference other locations in which you've already posted the same question in future posts (e. g. https://www.reddit.com/r/linuxadmin/comments/4b9kgq/graylog2_udp_syslog_input_receiving_messages_but/). This prevents duplicated work across different

[graylog2] Re: [CSV separator]

2016-03-21 Thread Jochen Schalanda
Hi, the separator character can be configured in Graylog's CSV converter but not when exporting messages as CSV. Cheers, Jochen On Monday, 21 March 2016 08:58:49 UTC+1, kaiser wrote: > > Hello, > > is it possible to config graylog so that the csv separator field is ";" > instead of ","? > >

[graylog2] Re: Delete messages with syslog level 7

2016-03-21 Thread Jochen Schalanda
Hi Steve, Graylog blocks writes to rotated indices to prevent accidental modifications. You can remove the write block by setting index.blocks.write to false, see https://www.elastic.co/guide/en/elasticsearch/reference/1.7/indices-update-settings.html for details. Cheers, Jochen On

Re: [graylog2] Re: graylog2 - UDP syslog input receiving messages but not visible in show all messages

2016-03-21 Thread Jochen Schalanda
Hi Charles, the easiest fix would be to include the timezone in your syslog messages (following RFC 5424: https://tools.ietf.org/html/rfc5424#section-6.2.3). There's also an option in the syslog inputs in Graylog to override the included timestamp and use the ingestion time as message

[graylog2] Re: Latest problem: Can't recycle or use indices

2016-03-26 Thread Jochen Schalanda
Hi Eric, which version of Elasticsearch and which version of Graylog are you using? Are there any (detailed) error messages in either the logs of your Elasticsearch nodes or your Graylog server nodes? Cheers, Jochen On Friday, 25 March 2016 22:32:08 UTC+1, Eric Green wrote: > >

[graylog2] Re: [ANNOUNCE] Graylog v2.0-beta.1 has been released

2016-03-26 Thread Jochen Schalanda
Hi Ovidiu, yes, you can simply use those upgrade instructions if you were using the virtual machine or Docker images (but also make sure to use the right version of the documentation at http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#upgrade-graylog ). Cheers, Jochen On

[graylog2] Re: Link to instructions on how to manually install the latest beta?

2016-03-27 Thread Jochen Schalanda
Hi Ovidiu, I've just checked the packages referred to in http://docs.graylog.org/en/2.0/pages/installation/operating_system_packages.html and they correctly install Graylog 2.0.0-beta.1. Please make sure that there aren't any old repositories being used on your system. Cheers, Jochen On

[graylog2] Re: Link to instructions on how to manually install the latest beta?

2016-03-26 Thread Jochen Schalanda
Hi Ovidiu, how exactly do you want to install Graylog? If you want to run it inside a virtual machine or as a Docker Image, simply use the prepared virtual appliances (also available for Graylog 2.0.0-beta.1): http://docs.graylog.org/en/2.0/pages/installation/virtual_machine_appliances.html

[graylog2] Re: Messages marked as incomplete and leaving them unprocessed

2016-03-23 Thread Jochen Schalanda
Hi, how exactly are you sending messages from fluentd to Graylog? Could you share your fluentd and the Graylog input configuration? Cheers, Jochen On Tuesday, 22 March 2016 18:24:04 UTC+1, _harsha_ wrote: > > Don't think I'm the only one doing this but here's my setup - > > I'm running

[graylog2] Re: Graylog search syntax misleading

2016-03-23 Thread Jochen Schalanda
Hi Holger, Graylog is currently utilizing Elasticsearch for indexing and querying log messages, which in turn utilizes Lucene as its low-level search library. Thus, Graylog is currently limited to using the Lucene Query Syntax (see

[graylog2] Re: Delete by Query (XDELETE) not works

2016-03-23 Thread Jochen Schalanda
Hi Steve, which version of Elasticsearch are you using and what's the exact reply of Elasticsearch when running your script? Cheers, Jochen On Wednesday, 23 March 2016 15:57:23 UTC+1, Steve Miller wrote: > > Hello > > I have this Bash-Script to delete messages for the ElasticSearch Server. > >

[graylog2] Re: Elasticsearch cluster error: shards unassigned

2016-03-23 Thread Jochen Schalanda
Hi Roberto, please refer to https://t37.net/how-to-fix-your-elasticsearch-cluster-stuck-in-initializing-shards-mode.html for an example how to fix the unassigned shards issue. Cheers, Jochen On Wednesday, 23 March 2016 15:08:20 UTC+1, roberto...@gmail.com wrote: > > Dear, I have Graylog

[graylog2] Re: [Indicies retention]

2016-03-07 Thread Jochen Schalanda
Hi, reopening an index is a manual operation that someone with administrative permissions on your Graylog setup must have performed in the past. Cheers, Jochen On Monday, 7 March 2016 09:26:55 UTC+1, kaiser wrote: > > Hello, > > Thank you for your answer. > > When does an indice is reopened? >

Re: [graylog2] Re: RC1: Invalid credentials authentication exception

2016-03-04 Thread Jochen Schalanda
Hi Sagar, you'll have to remove the trailing " -" in the line with root_password_sha2 so that only the hash is in that line, i. e.: root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918 Cheers, Jochen On Friday, 4 March 2016 07:27:46 UTC+1, Sagar Nikam

[graylog2] Re: Having trouble installing/starting graylog-server

2016-03-04 Thread Jochen Schalanda
Hi Clayton, at a first glance the permissions seem to be correct. Make sure that the user "graylog" is really the one being used to start Graylog on your system (you can check the Upstart script and /etc/default/graylog-server). Also try deleting the empty /var/log/graylog-server/server.log

[graylog2] Re: Upgrading to 1.3.3

2016-03-04 Thread Jochen Schalanda
Hi Francois, according to the output you've posted, you've upgraded from Graylog 1.0.0 to 1.3.3. If I remember correctly, there have been some serious bug fixes in between those versions regarding the Omnibus packaging. Did you simply restart the virtual machine after upgrading Graylog? Maybe

[graylog2] Re: [Indicies retention]

2016-03-03 Thread Jochen Schalanda
Hi, indices marked as "reopened" will not be closed or deleted by the configured retention strategy at all. If you want to remove that index, simply delete it in the Graylog web interface. Cheers, Jochen On Thursday, 3 March 2016 16:07:34 UTC+1, kaiser wrote: > > >

[graylog2] Re: RC1: Invalid credentials authentication exception

2016-03-03 Thread Jochen Schalanda
Hi Sagar, the password_secret (in the Graylog server configuration file) and application.secret (in the Graylog web interface configuration file) must be absolutely identical. You can set the user name and the password of the Graylog administrator in the Graylog server configuration file (see

[graylog2] Re: Upgrading to 1.3.3

2016-03-07 Thread Jochen Schalanda
Hi Francois, that explains things. Upgrading the individual components of the virtual machine images manually and individually is not recommended. Simply always use the omnibus package and follow the upgrade process described at

[graylog2] Re: Is migration from alpha4 to alpha5 ova possible?

2016-03-07 Thread Jochen Schalanda
Hi Joan, you can upgrade the virtual machine with Graylog 2.0.0-alpha.4 using the Omnibus package at https://packages.graylog2.org/releases/graylog-omnibus/ubuntu/graylog_beta.deb . The upgrade process is described at

[graylog2] Re: graylog 1.2.2 ldap not saving settings

2016-03-05 Thread Jochen Schalanda
Hi Mike, it would tremendously help if you tried to write complete sentences and a clear problem description. LDAP settings are stored in MongoDB. How exactly did you try to create the LDAP settings and which error messages did you encounter while doing that? Cheers, Jochen On Saturday, 5

Re: [graylog2] Graylog installation

2016-03-05 Thread Jochen Schalanda
Hi Sikender, you have to enable hardware-virtualization on your computer for the virtual machine to work. Please consult the hardware manual of your computer and activate VT-x in the BIOS of your machine. Cheers, Jochen On Saturday, 5 March 2016 00:17:43 UTC+1, sikender...@acesred.com wrote:

[graylog2] Re: Upgrading to 1.3.3

2016-03-05 Thread Jochen Schalanda
Hi Francois, how exactly did you upgrade your Graylog setup before? The output in your first post clearly showed Graylog 1.0.0-1 being updated. Cheers, Jochen On Friday, 4 March 2016 16:36:34 UTC+1, Francois Franck wrote: > > Hi Jochen, > > Thanks a lot for your reply but many points are

[graylog2] Re: Graylog 2.0.0 Alpha - connection error from web-gui

2016-03-05 Thread Jochen Schalanda
Hi Jayica, the Graylog web interface is a single page application which runs inside your browser and which needs access to the Graylog REST API. You've configured the Graylog REST API to listen to 127.0.0.1, which is the local loopback interface and naturally only works on the local machine.

[graylog2] Re: [Indicies retention]

2016-03-02 Thread Jochen Schalanda
Hi, please elaborate on the problem and post your rotation ( https://github.com/Graylog2/graylog2-server/blob/1.3.3/misc/graylog2.conf#L89-L117) and retention ( https://github.com/Graylog2/graylog2-server/blob/1.3.3/misc/graylog2.conf#L123-L133) configuration settings from your Graylog

[graylog2] Re: GrayLog collector

2016-03-02 Thread Jochen Schalanda
Hi, there are several other log shippers, like nxlog, logstash, or filebeat, which can be used to read files on a system and send them to

[graylog2] Re: ZeroMq Plugin

2016-04-04 Thread Jochen Schalanda
Hi Vinod, what's the payload of your ZeroMQ messages? The ZeroMQ plugin for Graylog currently only supports NUL-delimited ('\0') raw text messages, syslog messages (conforming to RFC 5242, https://tools.ietf.org/html/rfc5424), and GELF messages (

[graylog2] Re: Using graylog-collector on AIX is it possible to drop some messages from being forwarded at the source?

2016-04-04 Thread Jochen Schalanda
Hi Mirza, Graylog Collector currently doesn't support any sort of client-side filtering. You'll have to filter out those messages on the server-side. You might want to give nxlog a try, which supports client-side filtering and also runs on AIX:

Re: [graylog2] Graylog v2.0-beta.1 on docker issues

2016-04-04 Thread Jochen Schalanda
Hi Mikołaj, please make sure that rest_listen_uri and rest_transport_uri are correctly configured (see https://github.com/Graylog2/graylog2-server/blob/2.0.0-beta.2/misc/graylog.conf#L35-L45) and that all host names being used there (e. g. "server1" from the error message you've posted) can

[graylog2] Re: Enable TLS on Graylog 'GELF TCP' input

2016-04-04 Thread Jochen Schalanda
Hi Skip, you can configure the GELF client to enable TLS in general and client-side TLS validation using the GelfConfiguration class. See the following methods for details: -

[graylog2] Re: Graylog 2.0.0-beta.1 Could not retrieve Inputs

2016-04-04 Thread Jochen Schalanda
Hi Marsel, this bug has been fixed in Graylog 2.0.0-beta.2: https://github.com/Graylog2/graylog2-server/issues/1923 Cheers, Jochen On Friday, 1 April 2016 23:27:27 UTC+2, Marsel Qako wrote: > > I stopped the inputs from running, and so far i'm able to create a new one > and continue forward

[graylog2] Re: Graylog 2.0.0-alpha.3 errors upon logging into web ui

2016-04-04 Thread Jochen Schalanda
ll need to define this, if your Graylog server is running behind a > HTTP proxy that is rewriting > # the scheme, host name or URI. > rest_transport_uri = http://52.78.189.238:12900/ > [...] > > > > On Tuesday, March 29, 2016 at 6:47:53 AM UTC-4, Jochen Schalanda wrote: >

[graylog2] Re: Throughput shows unavailable

2016-04-04 Thread Jochen Schalanda
Hi Amit, first please make sure to upgrade to Graylog 1.3.4 which includes a few bug fixes over Graylog 1.3.0. Are you using a proxy server in front of the Graylog REST API or the Graylog web interface? Are you using HTTPS on either the Graylog REST API or the Graylog web interface? Which

[graylog2] Re: Graylog 1.3.4 OVA install issue

2016-04-04 Thread Jochen Schalanda
Hi Quentin, it seems like there's a transparent proxy (Squid) deployed on your network which isn't able to reach the VM with the Graylog web interface you've set up. Unfortunately there's not much on the Graylog side of things to do. You'll have to contact your local network administrator and

[graylog2] Re: Graylog not writing to elasticsearch after out of disk space, ES green but...

2016-04-05 Thread Jochen Schalanda
Hi, it looks like your journal is corrupted. You can either try to recover and repair it (see the journal-related commands in Graylog) or simply remove the journal files from disk. Cheers, Jochen On Monday, 4 April 2016 22:56:47 UTC+2, kluch wrote: > > After "out of disk space" I removed

[graylog2] Re: Cannot access web-interface with preset login/password

2016-04-05 Thread Jochen Schalanda
Hi Milo, how exactly did you generate the SHA-256 hash of your password? Where exactly did you put that checksum? Are there any trailing or non-printable characters around the password hash? Cheers, Jochen On Tuesday, 5 April 2016 06:24:26 UTC+2, Milo Veozir wrote: > > Hi everyone, > I'm

[graylog2] Re: Content Pack Query

2016-03-30 Thread Jochen Schalanda
Hi Anant, did you also apply the imported content pack in your new Graylog instance? As a side note, you should upgrade to Graylog 1.3.4 which includes numerous bug-fixes over Graylog 1.1.6. Cheers, Jochen On Wednesday, 30 March 2016 14:22:01 UTC+2, Anant Sawant wrote: > > Hi all!! > > > I

[graylog2] Re: broken link in your docs

2016-03-30 Thread Jochen Schalanda
Hi Ovidiu, thanks again for reporting this! We've fixed the respective part of our documentation. If you find more errors or unclear passages in our docs, you can simply create a GitHub issue at https://github.com/Graylog2/documentation/issues. Cheers, Jochen On Wednesday, 30 March 2016

[graylog2] Re: Nodes- Connection to machines

2016-03-30 Thread Jochen Schalanda
Hi Sikender, you cannot bind two inputs to the same network interface (in this case 0.0.0.0:12201). One of those GELF TCP inputs has to use another port (e. g. 12201 or anything above 1024). Cheers, Jochen On Wednesday, 30 March 2016 00:22:22 UTC+2, sikender...@acesred.com wrote: > > HI

Re: [graylog2] Re: script from url was blocked due to mime type mismatch

2016-03-30 Thread Jochen Schalanda
Hi Amit, the fix for this issue will be included in the next beta version of Graylog. Cheers, Jochen On Tuesday, 29 March 2016 20:43:21 UTC+2, Amit Sharma wrote: > > HI team, > > i viewed https://github.com/Graylog2/graylog2-server/issues/1982 has been > resolved by bernd, > > can please tell

[graylog2] Re: Content Pack Query

2016-03-30 Thread Jochen Schalanda
Hi Anant, if the IP address changed (or an input was bound to a specific IP address when exporting the content pack), you need to adjust that setting to the new system. Cheers, Jochen On Wednesday, 30 March 2016 16:37:03 UTC+2, Anant Sawant wrote: > > Well I just went through the content

[graylog2] Re: syslog output plugin truncates/drops messages

2016-03-30 Thread Jochen Schalanda
Hi, which output plugin are you using? Graylog itself doesn't ship a syslog output. Cheers, Jochen On Wednesday, 30 March 2016 16:26:28 UTC+2, grayl...@gmx.de wrote: > > Hello, > > the rsyslog output plugin truncates messages bigger than approx. 512 bytes > (it puts a "(...)" at the end to

[graylog2] Re: syslog output plugin truncates/drops messages

2016-03-30 Thread Jochen Schalanda
22854 > > Cheers, > > Martin > > > On Wednesday, March 30, 2016 at 5:16:51 PM UTC+2, Jochen Schalanda wrote: >> >> Hi, >> >> which output plugin are you using? Graylog itself doesn't ship a syslog >> output. >> >> Cheers, >

[graylog2] Re: script from url was blocked due to mime type mismatch

2016-03-29 Thread Jochen Schalanda
Hi Amit, thanks for reporting this. It seems this was a bug in the code delivering the web interface assets. I've created a bug report on GitHub to track this issue: https://github.com/Graylog2/graylog2-server/issues/1982 Cheers, Jochen On Monday, 28 March 2016 15:32:14 UTC+2,

[graylog2] Re: Is it possible to index a MSSQL Database?

2016-03-29 Thread Jochen Schalanda
Hi Toni, what exactly do you want to index from your MSSQL database? Actual contents of the database or log files generated by the database server? Cheers, Jochen On Tuesday, 29 March 2016 10:39:41 UTC+2, toni.fro...@scaltel.de wrote: > > Hi there, > > we are trying to index a MSSQL database

[graylog2] Re: User Time Configuration Discrepancy

2016-03-29 Thread Jochen Schalanda
Hi Roland, thanks for reporting this! It looks like this is a bug in the web interface which doesn't allow users to change their time zones. As a workaround, you should be able to change the user's time zone as admin user on the System -> Users page. I've created a bug report on GitHub to

[graylog2] Re: Delete by Query (XDELETE) not works

2016-03-29 Thread Jochen Schalanda
> Content-Type: application/json >> > Content-Length: 523 >> > >> < HTTP/1.1 200 OK >> < Content-Type: application/json; charset=UTF-8 >> < Content-Length: 203 >> < >> * Connection #0 to host 127.0.0.1 left intact >> * Closing connect

[graylog2] Re: LDAP Error Graylog does not yet support multiple LDAP backend.... This is a bug, ignoring LDAP config.

2016-03-29 Thread Jochen Schalanda
Hi Tom, that usually shouldn't happen. Please check the ldap_settings collection in your MongoDB database and either remove all documents in that collection or all but the most recent one: - https://docs.mongodb.org/getting-started/shell/client/ -

[graylog2] Re: Application log access

2016-03-29 Thread Jochen Schalanda
Hi Sikender, 1) DO we need to configure syslog file in graylog server ("X") too ??? or > else only installation of agent (graylog-collector) in Y target server is > fine > The syslog daemon doesn't need to be configured specifically on the system running Graylog. It is sufficient to start

[graylog2] Re: Link to instructions on how to manually install the latest beta?

2016-03-29 Thread Jochen Schalanda
Hi Ovidiu, rest_listen_uri = http://127.0.0.1:12900/ rest_transport_uri = http://127.0.0.1:12900/ Starting with Graylog 2.0.0, the web interface is a single page application (SPA) which directly communicates with the Graylog REST API. If you bind the Graylog REST API to localhost with those

[graylog2] Re: rsyslog logging

2016-03-29 Thread Jochen Schalanda
Hi Ovidiu, the second version is correct, also see https://github.com/Graylog2/graylog-guide-syslog-linux/blob/master/README.md for details. Cheers, Jochen On Tuesday, 29 March 2016 16:10:12 UTC+2, Ovidiu Pacuraru wrote: > > I've found 2 different methods and was wondering which one is the

[graylog2] Re: rsyslog logs lost on the way or not arriving?

2016-03-31 Thread Jochen Schalanda
Hi Ovidiu, that's pretty much a misconfiguration of your (virtual) network. See http://www.cyberciti.biz/faq/linux-log-suspicious-martian-packets-un-routable-source-addresses/ for some hints how to debug and solve this. Cheers, Jochen On Thursday, 31 March 2016 08:21:44 UTC+2, Ovidiu

[graylog2] Re: Getting Nothing found issue?

2016-03-31 Thread Jochen Schalanda
Hi Nageswarag, is there a configured input with the ID 56fb7408848e632a9f27b84c in your Graylog instance? Did you already receive messages on this input? Maybe those messages had a timestamp in the future? If so, try to do a search with an absolute time range and set the end date some hours

[graylog2] Re: Drools and Graylog

2016-04-25 Thread Jochen Schalanda
Hi, Drools is supported out-of-the-box: http://docs.graylog.org/en/1.3/pages/drools.html I would suggest taking a look at the processing pipelines in Graylog 2.0.0 instead, since we want to deprecate Drools support in a future release: http://docs.graylog.org/en/2.0/pages/pipelines.html

[graylog2] Re: API Key

2016-04-24 Thread Jochen Schalanda
Hi Jim, please take a look at https://gist.github.com/joschi/72fb7e75b171c10d3717 for an example how to obtain a valid session token. The lifetime of the token can be configured per user (System -> Users). Cheers, Jochen On Sunday, 24 April 2016 14:07:32 UTC+2, Jim Bailey wrote: > > Can

[graylog2] Re: Can't delete an input in Graylog 2.0 Beta.3

2016-04-22 Thread Jochen Schalanda
Hi Jayica, would you mind telling us what the problem was? Maybe we can improve something in the documentation or in the code of Graylog. Cheers, Jochen On Friday, 22 April 2016 19:34:27 UTC+2, Jayica wrote: > > Thanks Jochen. This was all very helpful. Problem solved. > > On Sunday, April

[graylog2] Re: Permission to see the log

2016-04-22 Thread Jochen Schalanda
Hi Hasan, you're thinking right, streams for the different groups are the way to go. If you have a specific field for the Apache httpd access logs, you can simply check for that field in the stream rules. Cheers, Jochen On Thursday, 21 April 2016 22:54:44 UTC+2, hasan akgöz wrote: > > Hi

[graylog2] Re: Can't delete an input in Graylog 2.0 Beta.3

2016-04-22 Thread Jochen Schalanda
Hi Jayica, did you change the Node ID of the Graylog node (e. g. replaced the node-id-file )? Does the input still exist (is it shown in the web interface on the System -> Inputs page)? You can always just

[graylog2] Re: Output rate very low with graylog 2.0rc1

2016-04-22 Thread Jochen Schalanda
Hi, what kind of inputs are you running and are you using any extractors or the message processing pipeline? A full process buffer usually hints to slow/complex message filtering or extractors. Cheers, Jochen On Friday, 22 April 2016 16:29:41 UTC+2, oliv@gmail.com wrote: > > Hi, > I have

[graylog2] Re: Elasticsearch 2.0.0-5 Client announcing wrong URI

2016-04-29 Thread Jochen Schalanda
network_host, elasticsearch_network_bind_host, > and elasticsearch_network_publish_host all set. Basically anywhere I could > specify an IP I did so to try and get this working. They didn't appear to > have any impact. > > Thank you, > > Bryan > > > > On Thursday, April 28, 201

[graylog2] Re: Unable to start graylog-2.0.0-1.ova using oracle vm box in windows server 2008 R2 standard

2016-04-29 Thread Jochen Schalanda
Hi Nikhil, how exactly did you set up the virtual machine (all settings) and how exactly did you import the provided OVA into VirtualBox? Cheers, Jochen On Friday, 29 April 2016 01:37:32 UTC+2, nikhil shetty wrote: > > Hi , > > I am trying to start graylog-2.0.0-1.ova using Oracle >

[graylog2] Re: How to access field value in pipeline rules

2016-04-29 Thread Jochen Schalanda
Hi Ross, you need to tell the route_to_stream function whether you're specifying the *stream id* or the *stream name*, see

[graylog2] Re: How To Handle Messages With Incorrect Formats

2016-04-29 Thread Jochen Schalanda
Hi Jacob, you can use a Raw/Plaintext TCP or UDP input for this and extract the required information via some extractors, see http://docs.graylog.org/en/2.0/pages/extractors.html for details. Cheers, Jochen On Friday, 29 April 2016 03:49:56 UTC+2, Jacob wrote: > > Hello, > > I'm have a

[graylog2] Re: Permission denied while trying to launch graylog-server

2016-04-29 Thread Jochen Schalanda
Hi Boris, could you please post the complete error log that Docker outputs? Cheers, Jochen On Friday, 29 April 2016 08:45:28 UTC+2, Boris Rousseau wrote: > > Hello, > > I followed this instructions to launch graylog server with docker-compose > https://hub.docker.com/r/graylog2/server/ > >

[graylog2] Re: Permission denied while trying to launch graylog-server

2016-04-29 Thread Jochen Schalanda
in the message_journal_dir setting (see https://github.com/Graylog2/graylog2-server/blob/2.0/misc/graylog.conf#L270-L272). Cheers, Jochen On Friday, 29 April 2016 10:39:39 UTC+2, Boris Rousseau wrote: > > Hi, > > Please find logs attached. > > Thanks > > Le vendredi 29 avril 2016 09:56:57

[graylog2] Re: any scripts for deleting messages containing fields with dots?

2016-04-28 Thread Jochen Schalanda
Hi Daniel, you could use the Elasticsearch Update API and the integrated scripting for this. See https://stackoverflow.com/questions/29002215/remove-a-field-from-a-elasticsearch-document for a rough idea how to

[graylog2] Re: Elasticsearch 2.0.0-5 Client announcing wrong URI

2016-04-28 Thread Jochen Schalanda
Hi Thomas, On Thursday, 28 April 2016 11:20:45 UTC+2, Fachi Son wrote: > > Setting elasticsearch_network_host won't make any difference. > What exactly does that mean? To which value did you set the elasticsearch_network_host configuration setting and what's the current error message

[graylog2] Re: Permission denied while trying to launch graylog-server

2016-04-29 Thread Jochen Schalanda
i 29 avril 2016 12:19:32 UTC+2, Jochen Schalanda a écrit : >> >> Hi Boris, >> >> the error message is kind of swamped by the other messages, but this is >> the relevant one: >> >> ESC[32mgraylog_1 | ESC[0m >> ESC[32mgraylog_1 | ESC[0m321)
