[graylog2] Re: Unable to Upgrade Graylog from 1.3 to 2.0 Launched from Readymade AMI

2016-05-10 Thread Jochen Schalanda
Hi Sharma, please read this chapter in the Graylog documentation about upgrading the virtual machine images (including the AMIs) to Graylog 2.0.0: http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#migrate-manually-from-1-x-to-2-0-x Cheers, Jochen On Tuesday, 10 May 2016

Re: [graylog2] Re: Unable to send heartbeat to Graylog server: ConnectException: Connection refused

2016-05-10 Thread Jochen Schalanda
;/var/log/syslog" > charset = "utf-8" > content-splitter = "newline" > } > } > outputs { > gelf-tcp { > type = "gelf" > host = "192.168.0.12" > port = 12345 > } > } > > > 2016-05-10 14:23 GM

[graylog2] Re: Switching to whitespace analyzer

2016-05-10 Thread Jochen Schalanda
earch for > "CRXSessionImpl#Tracker" it also returns this result even though there is > no such string in the message! Now, if I search for "*open\(" which is > supposed to match "open(", I get nothing. > > Sincerely, > > On Tuesday, May 10, 2016 at 5:

[graylog2] Re: Graylog stream

2016-05-10 Thread Jochen Schalanda
Hi Seba, I'm not sure what you're trying to accomplish. Please elaborate on your use case. Cheers, Jochen On Friday, 6 May 2016 11:47:14 UTC+2, Seba wrote: > > *Dear all,* > > > > > *How can I set a streaming rule, in order to not send a notification, when > access to the switch is not

[graylog2] Re: Graylog V2 web interface stuck on loading after login

2016-05-10 Thread Jochen Schalanda
Hi Nathan, please tell us some details about your setup (e. g. if you're using HTTPS, if you're using some reverse proxy etc.). Cheers, Jochen On Monday, 9 May 2016 18:03:05 UTC+2, Nathan Hicks wrote: > > Hi, > > I'll have the Graylog logs in a minute, but for now, I've got this out of > the

[graylog2] Re: How to setup tls security?

2016-05-10 Thread Jochen Schalanda
Hi Earest, please take a look at the documentation chapter about configuring the Graylog 2.0.0 web interface: http://docs.graylog.org/en/2.0/pages/configuring_webif.html In case you're using self-signed certificates, the following FAQ entry might also be interesting for you:

[graylog2] Re: How to configure Graylog clusters in V-2.0 alpha

2016-05-03 Thread Jochen Schalanda
Hi Raj, the configuration you've posted looks sane. Is there any specific problem you encounter while setting up additional Graylog non-master nodes? Cheers, Jochen On Tuesday, 3 May 2016 12:41:02 UTC+2, raj kumar wrote: > > Hi Guys, > > I have configured 3 Graylog servers (mongodb

[graylog2] Re: Tracking a message through multiple logs and calculating time

2016-05-02 Thread Jochen Schalanda
Hi Steve, that's currently not possible with Graylog out-of-the-box. Cheers, Jochen On Monday, 2 May 2016 16:12:36 UTC+2, Steve Kuntz wrote: > > Hello, > > I've been looking through the docs and searching online but have been > unable to find what I'm looking for. > > I have a message that is

[graylog2] Re: Unexpected Index rotation

2016-05-02 Thread Jochen Schalanda
Hi Mike, currently the master flag has to be set manually but we're working on a better solution for this in a future version of Graylog. Cheers, Jochen On Thursday, 28 April 2016 17:06:58 UTC+2, Mike Daoust wrote: > > Does Graylog have a recommended way of handling clusters with multiple >

[graylog2] Re: [Upgrade] 1.3.4 to 2.0

2016-05-02 Thread Jochen Schalanda
Hi Aldo, you need to enable HTTPS for both, the Graylog REST API and the web interface. Otherwise your browser will issue those mixed content warnings and block access to the (unencrypted) Graylog REST API. See http://docs.graylog.org/en/2.0/pages/configuring_webif.html for details. Cheers,

[graylog2] Re: Permission denied while trying to launch graylog-server

2016-05-02 Thread Jochen Schalanda
Hi Boris, is your MongoDB server reachable over the given network address (mongo:27017) from within the container running Graylog? Cheers, Jochen On Monday, 2 May 2016 09:51:04 UTC+2, Boris Rousseau wrote: > > Hi Jochen, > > I have no more issue regarding permissions. > > Now I get the

[graylog2] Re: Where to find comprehensive Graylog 2.0 installation instructions

2016-05-02 Thread Jochen Schalanda
Hi zep, we're continuously improving the documentation for Graylog. You're welcome to help us by adding feedback (or even pull requests) for the documentation repository at https://github.com/Graylog2/documentation. On Sunday, 1 May 2016 03:55:41 UTC+2, zep wrote: > > the ova file is a great

[graylog2] Re: Unable to send heartbeat to Graylog server: ConnectException: Connection refused

2016-05-10 Thread Jochen Schalanda
Hi Hasan, please post the configuration of your Graylog Collector and tell us, which exact versions of Graylog and of the Graylog Collector you're using. Cheers, Jochen On Tuesday, 10 May 2016 12:32:29 UTC+2, hasan akgöz wrote: > > Hi Guys, > > Before running the graylog collector today gives

[graylog2] Re: Raw Log Dashboard Widget

2016-05-10 Thread Jochen Schalanda
Hi Ben, there is currently no simple message list widget for dashboards in Graylog. You can either file a feature request for this at https://github.com/Graylog2/graylog2-server/issues or try to create a custom plugin providing such a widget (see

[graylog2] Re: Issue with source code of graylog2-rest-client

2016-05-10 Thread Jochen Schalanda
Hi Trisha, the classes in the org.graylog2.restroutes.generated.routes package are being automatically generated when running Maven (using the Maven Exec plugin). Please take a look at the .travis.yml file on the 1.3 branch ( https://github.com/Graylog2/graylog2-server/blob/1.3/.travis.yml) to

[graylog2] Re: How do I directly send log graylog-server ?

2016-04-15 Thread Jochen Schalanda
Hi Hasan, Graylog supports consuming logs from Kafka and AMQP (e. g. RabbitMQ) out of the box and ZeroMQ via a plugin from the Graylog Marketplace (https://marketplace.graylog.org/addons/0c463072-f1cb-48cd-9615-ff7c212b8e13). If your application can emit logs via one of those message queueing

[graylog2] Re: Missing old data after upgrade to 1.3.4

2016-04-15 Thread Jochen Schalanda
Hi Idan, how exactly did you upgrade Graylog? What's the configuration of your Graylog server and your Elasticsearch node(s)? Cheers, Jochen On Friday, 15 April 2016 18:52:08 UTC+2, Idan Lerer wrote: > > Hello, > I just upgraded from Graylog v1.3.4 from 1.1.3. > All my settings saved and I can

[graylog2] Re: Graylog /var partition always increases

2016-04-18 Thread Jochen Schalanda
Hi Roberto, what's the configuration of your Graylog servers? What's the directory inside /var with the largest size (check with du or similar tools)? What's the output of the following curl command (replace localhost

[graylog2] Re: Missing old data after upgrade to 1.3.4

2016-04-18 Thread Jochen Schalanda
> sudo graylog-ctl stop > sudo dpkg -G -i graylog_latest.deb > sudo graylog-ctl reconfigure > > I still see all my dashboard I configured but I can see only the data > since the upgrade > > > On Friday, April 15, 2016 at 10:27:55 AM UTC-7, Jochen Schalanda wrote: &

[graylog2] Re: graylog collector and cpu load

2016-04-18 Thread Jochen Schalanda
Hi Hasan, I'm not quite sure what you want to know. Could you please try to rephrase your question or add more details? Cheers, Jochen On Friday, 15 April 2016 20:23:19 UTC+2, hasan akgöz wrote: > > Hello community, > > I just wonder, if the service stops graylog-server or elasticsearch .

[graylog2] Re: Multiple retention times still not possible?

2016-04-18 Thread Jochen Schalanda
Hi tokred, support for multiple (concurrent and possibly incompatible) index schemes and retention times is not included in Graylog 2.0.0 and currently isn't on the roadmap in the mid-term. Cheers, Jochen On Friday, 15 April 2016 14:49:59 UTC+2, tok...@gmx.net wrote: > > Hi all, > > I really

[graylog2] Re: Nodes- Connection to machines

2016-04-18 Thread Jochen Schalanda
t fine If i do that ? > > Thank you Jochen. > > Regards > Sikender > > On Monday, April 11, 2016 at 3:36:22 AM UTC-7, Jochen Schalanda wrote: >> >> Hi Sikender, >> >> if you're using Graylog 1.3.x, the Graylog REST API must be accessible by >>

[graylog2] Re: Extractor metrics

2016-04-20 Thread Jochen Schalanda
Hi Jan, the number of executions per extractor is currently not recorded in Graylog. Cheers, Jochen On Wednesday, 20 April 2016 11:25:26 UTC+2, Jan Meerkamp wrote: > > Hey > > I am trying to get some extractor metrics via Rest API and I am able to > get the times with >

[graylog2] Re: Reason: There was a problem with your search. We expected HTTP 200, but got a HTTP 500.

2016-04-20 Thread Jochen Schalanda
Hi Shrawan, looks like your Elasticsearch cluster or at least the communication within the cluster is broken. Please check the logs of your Elasticsearch nodes for error messages and make sure, that each node of the Elasticsearch cluster is able to communicate with the rest of the cluster.

[graylog2] Re: Data type of @timestamp is sometimes string instead of date

2016-04-14 Thread Jochen Schalanda
Hi, if you want to ensure that a document field always has the same type, you'll have to create a custom index mapping ( https://www.elastic.co/guide/en/elasticsearch/reference/1.7/mapping.html) and make sure it will be applied to new indices by creating an index template with your custom

[graylog2] Re: Copy field containing date as a new date field does not work

2016-04-14 Thread Jochen Schalanda
Hi, for reference: this question has been answered in https://groups.google.com/forum/#!topic/graylog2/LkBvIgDlcoo (post by the same author). Cheers, Jochen On Wednesday, 13 April 2016 18:25:55 UTC+2, grayl...@gmx.de wrote: > > Unfortunately Graylog saves a field in ElasticSearch instead of

Re: [graylog2] Re: Can I convert a field from string to integer?

2016-04-14 Thread Jochen Schalanda
Hi Jason, we might add an interface for managing Elasticsearch mappings/index templates in a future version of Graylog, but right now it's not on the immediate roadmap. Cheers, Jochen On Wednesday, 13 April 2016 22:07:53 UTC+2, Jason Haar wrote: > > It would be great if graylog had an

[graylog2] Re: date being recognized as a string

2016-04-14 Thread Jochen Schalanda
Hi, if you want to ensure that a document field always has the same type, you'll have to create a custom index mapping ( https://www.elastic.co/guide/en/elasticsearch/reference/1.7/mapping.html) and make sure it will be applied to new indices by creating an index template with your custom

[graylog2] Re: graylog2-server failed to send join request to Elastic master

2016-04-15 Thread Jochen Schalanda
Hi Rajkumar, the error message states that your Elasticsearch nodes (at least es.node-1) are not able to connect back to Graylog with the host name graylod-1 on port 9350. Make sure that the Elasticsearch nodes are able to communicate with Graylog on graylod-1:9350 (maybe there's a typo in the

[graylog2] Re: fielddata error with search

2016-04-21 Thread Jochen Schalanda
Hi Daniel, doc values don't work for analyzed string fields like "message": > Doc values are supported on almost all field types, with the notable exception of analyzed string fields. Unfortunately that's exactly the field which trips the field data cache circuit breaker in Jason's case.

[graylog2] Re: Missing old data after upgrade to 1.3.4

2016-04-19 Thread Jochen Schalanda
}, { > "index_name" : "graylog_2", > "begin" : "2016-04-15T20:20:21.000Z", > "end" : "2016-04-16T15:53:49.737Z", > "calculated_at" : "2016-04-16T15:53:50.181Z", > "took_ms" : 414 > }

[graylog2] Re: Stream or other? Forward everything to SIEM

2016-04-18 Thread Jochen Schalanda
Hi Fred, > How does a stream scale? Do we have some benchmarks available? Streams are relatively lightweight, depending on the stream rules. In your case a simple check for the existence of the message or timestamp fields would be completely sufficient to catch all messages and that's a very

[graylog2] Re: Can't delete an input in Graylog 2.0 Beta.3

2016-04-18 Thread Jochen Schalanda
Hi Jayica, it looks like the given URL used by the web interface isn't correct. Please make sure that the correct URL is given in the rest_transport_uri setting in the Graylog configuration file (see https://github.com/Graylog2/graylog2-server/blob/2.0.0-beta.3/misc/graylog.conf#L39-L45 ).

[graylog2] Re: _cat shows 2 nodes, 1 for graylog and 1 for elasticsearch

2016-04-19 Thread Jochen Schalanda
Hi, this is perfectly normal as Graylog joins the Elasticsearch cluster as a client node (i. e. not used as master node and doesn't store any data). Cheers, Jochen On Tuesday, 19 April 2016 11:32:34 UTC+2, leck...@gmail.com wrote: > > Hello, > > I set up quite simple environment, graylog

[graylog2] Re: Reason: There was a problem with your search. We expected HTTP 200, but got a HTTP 500.

2016-04-21 Thread Jochen Schalanda
ster 149] > waited for 30s and no initial state was set by the discovery > [2016-04-20 18:15:53,683][INFO ][http ] [Master 149] > bound_address {inet[/10.40.4.149:9200]}, publish_address {inet[/ > 10.40.4.149:9200]} > [2016-04-20 18:15:53,684][INFO ][node

[graylog2] Re: fielddata error with search

2016-04-21 Thread Jochen Schalanda
Hi Jason, we'll gradually improve the error handling in Graylog if the need arises. As for the underlying problem, I can only recommend the immensely unpopular "throw hardware at it or reduce your data size". You can add more nodes to your cluster or add more memory to the existing nodes

[graylog2] Re: graylog 2.0 beta 3, nginx & https

2016-04-21 Thread Jochen Schalanda
Hi Josep, if you're using HTTPS for the web interface, the Graylog REST API must also be accessed via HTTPS to prevent mixed content warnings of your web browser. See https://developers.google.com/web/fundamentals/security/prevent-mixed-content/what-is-mixed-content for details about mixed

[graylog2] Re: Upgrade to v2.0

2016-04-28 Thread Jochen Schalanda
Hi Haija, the Omnibus package doesn't support a proper upgrade of Graylog 1.x to Graylog 2.0.0. The upgrade process with APT (or dpkg) most likely failed and left your system in kind of an undefined state. If the web interface is showing the correct version in its footer, everything should be

Re: [graylog2] Re: v2 and multiple interfaces, web not working

2016-04-28 Thread Jochen Schalanda
Hi, Try setting the public IP address of your EC2 instance in rest_listen_uri and web_listen_uri. See http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#advanced-settings and

[graylog2] Re: graylog 2.0 GA - issues with nginx and reverse proxy - Error: Request has been terminated

2016-04-28 Thread Jochen Schalanda
Hi, starting with Graylog 2.0.0, the web interface has been merged into the server component and is a single-page application directly communicating with the Graylog REST API. Thus, your client (i. e. web browser) must be able to communicate with the Graylog REST API, which isn't possible with

[graylog2] Re: Elasticsearch 2.0.0-5 Client announcing wrong URI

2016-04-28 Thread Jochen Schalanda
Hi Bryan, you can manually set the IP address for the embedded Elasticsearch instance in Graylog using the elasticsearch_network_host setting in the configuration file (see https://github.com/Graylog2/graylog2-server/blob/2.0.0/misc/graylog.conf#L187-L192) if the automatically discovered IP

[graylog2] Re: Unexpected Index rotation

2016-04-28 Thread Jochen Schalanda
Hi Mike, On Wednesday, 27 April 2016 21:30:28 UTC+2, Mike Daoust wrote: > > as of now Im thinking it was due to multiple graylog-server masters in the > cluster. I ran a config update with chef and all 3 graylog nodes ended up > as masters. > Yes, that's most likely the reason. Graylog master

[graylog2] Re: howto Upgrade from OVA Image (1.3.3) to Graylog 2.0.0

2016-04-28 Thread Jochen Schalanda
Hi, the Omnibus package currently doesn't support upgrading from Graylog 1.x to Graylog 2.0.0 which is why the upgrade fails. You should re-install Graylog 1.3.3 (or 1.3.4) to get back to a working state. We are currently working on some upgrade instructions for the Omnibus package, so that

[graylog2] Re: SSL setup making website unavailable

2016-04-28 Thread Jochen Schalanda
Cross-post: https://groups.google.com/d/msg/graylog2/kwd3nIt05DI/MrG-bn3bAwAJ On Thursday, 28 April 2016 00:31:14 UTC+2, Obie wrote: > > No, I installed the VMware OVA. Thanks for the link.

[graylog2] Re: special chars for admin password not allowed ?

2016-05-25 Thread Jochen Schalanda
Hi, the shell being used (bash in this case) treats some characters as special, e. g. '!' and '#'. You can find a rather comprehensive list of those at http://www.tldp.org/LDP/abs/html/special-chars.html. Simply put your password into single quotes and you should be fine: graylog-ctl

[graylog2] Re: How to forward logs from Cisco Devices

2016-05-25 Thread Jochen Schalanda
Hi, you simply need to activate remote syslog on your Cisco devices and point them to your Graylog server with either Syslog or Raw/Plaintext input. Also take a look at the existing Cisco content packs at the Graylog Marketplace: https://marketplace.graylog.org/addons?tag=cisco Cheers, Jochen

[graylog2] Re: How to make this Pipeline rule cleaner?

2016-05-25 Thread Jochen Schalanda
Hi Jeff, the next version of the message pipeline processor will contain functions to handle syslog priorities and levels (e. g. convert them to a string): https://github.com/Graylog2/graylog-plugin-pipeline-processor/pull/19 For now, there's no other way than creating 7 separate rules, one

[graylog2] Re: ldap or active directory settings not stored

2016-05-25 Thread Jochen Schalanda
Hi, please make sure that you didn't change the password_secret configuration setting when you've upgraded to Graylog 2.0.x and that there is only 1 entry in the "ldap_settings" collection in MongoDB. If there is more than one document in the "ldap_settings" collection, you'll have to delete

[graylog2] Re: Forwarding Logs from Grey Log via syslog to another Commercial SIEM

2016-05-25 Thread Jochen Schalanda
Hi Eric, there's a setting named "Store full message?" in the Syslog input which allows storing the original message in the full_message field. You could try and see if that helps you forwarding the original message. Cheers, Jochen On Tuesday, 24 May 2016 20:52:53 UTC+2, Eric Curley wrote: >

[graylog2] Re: Web Interface - Get Login Page and Then Error

2016-05-25 Thread Jochen Schalanda
h earlier versions, I only need > one port open. > > Thanks, > > Bill > > On Saturday, May 21, 2016 at 3:15:25 AM UTC-7, Jochen Schalanda wrote: >> >> Hi, >> >> which problem do you have specifically? Are there any error messages in >> the Develop

[graylog2] Re: Cisco Syslogs are not complete

2016-05-25 Thread Jochen Schalanda
e only extractor in there for Cisco is Catalyst and ASA, both of which I > am running. Any other ideas? > > Robert > > On Wednesday, May 25, 2016 at 10:04:30 AM UTC-5, Jochen Schalanda wrote: >> >> Hi Robert, >> >> Cisco appliances don't send valid syslog messa

[graylog2] Re: [Pipeline] verifying dropped messages

2016-05-25 Thread Jochen Schalanda
Hi, if the message isn't there, it was dropped. ;-) On a more serious note, you could generate a synthetic message which would be dropped by your rules and check if it is indeed dropped or if it is indexed. In a future version, Graylog will provide a pipeline simulator to check those things

[graylog2] Re: Cisco Syslogs are not complete

2016-05-25 Thread Jochen Schalanda
: > > I guess I'm confused. Both the custom input and the extractor from the > marketplace are configured as Raw/Plaintext UDP under System/Inputs. What > else am I missing? > > > Robert > > On Wednesday, May 25, 2016 at 10:23:03 AM UTC-5, Jochen Schalanda wrote: >&

[graylog2] Re: Web UI Output Indicator Bug (perhaps?)

2016-07-26 Thread Jochen Schalanda
Hi Ryan, there is always a default output into Elasticsearch (otherwise you couldn't search for messages), so that's what's being shown in the throughput indicator in the Graylog web interface. Cheers, Jochen On Monday, 25 July 2016 20:07:46 UTC+2, Ryan Gelston wrote: > > Hello Graylog Users,

[graylog2] Re: Help for wildcards

2016-07-12 Thread Jochen Schalanda
Hi Bruno, there are several things that might make the result being different from what you expected. Graylog is using an index mapping which sets all fields except message, full_message, and source to not_analyzed. For wildcard searches, you'll need to analyze those fields, see

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-12 Thread Jochen Schalanda
Hi Arief, please post the output of the following command: curl http://localhost:9200/_cat/indices?v Also take into account, that if you're running the OVA with only 1 Elasticsearch node, the cluster health status will never get GREEN because it's configured to use 1 replica shard by

[graylog2] Re: Graylog indexes

2016-07-14 Thread Jochen Schalanda
Hi Henrique, that's not possible with Graylog. What you can do, though, is create a separate stream for each of your servers by filtering on the "source" field of the ingested messages. Please refer to http://docs.graylog.org/en/2.0/pages/streams.html for more information about streams.

[graylog2] Re: Several indices from 1 and 2 hours ago

2016-07-25 Thread Jochen Schalanda
nks a lot!! > > > On Monday, 25 July 2016, 11:32:31 (UTC-3), Jochen Schalanda wrote: >> >> Hi Roberto, >> >> which exact version of Graylog are you using? >> >> There were some versions of Graylog which would rotate the indices on >>

[graylog2] Re: Removing some help messages on the web interface

2016-07-25 Thread Jochen Schalanda
Hi Aykisn, those hints can currently not be removed without forking Graylog and modifying the web interface yourself. Cheers, Jochen On Monday, 25 July 2016 09:24:39 UTC+2, Aykisn wrote: > > Hello, > > I didn't find any info on this. I was wondering if there was any way to > remove some of the

[graylog2] Re: Changing map theme for geolocation

2016-07-25 Thread Jochen Schalanda
Hi Aykisn, that's currently not possible but feel free to open a feature request for this at https://github.com/Graylog2/graylog-plugin-map-widget/issues. Cheers, Jochen On Monday, 25 July 2016 08:11:05 UTC+2, Aykisn wrote: > > Hello, > > I am using the free GeoLite2 database and I was

[graylog2] Re: Input shows running but no messages getting retrieved

2016-07-25 Thread Jochen Schalanda
Hi Thara, I think your rsyslog configuration is incorrect. "." will not match any messages, I think you mean "*.*" instead. Please refer to https://github.com/Graylog2/graylog-guide-syslog-linux/blob/master/README.md#rsyslog for instructions how to configure rsyslog. Cheers, Jochen On

[graylog2] Re: Several indices from 1 and 2 hours ago

2016-07-25 Thread Jochen Schalanda
Hi Roberto, which exact version of Graylog are you using? There were some versions of Graylog which would rotate the indices on startup if the time-based rotation strategy was being used, even if they shouldn't be rotated according to their age. Would it be feasible for you to upgrade to

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-25 Thread Jochen Schalanda
d > -rw--- 1 graylog graylog 4707 Jul 10 16:59 _2pkd.fnm > -rw--- 1 graylog graylog 568 Jul 10 16:59 _2pkd.si > -rw--- 1 graylog graylog 230 Jul 14 03:18 segments_35 > > Thanks for the tools link. Been check between 30 - 50 messages/sec still > consid

[graylog2] Re: Graylog is restarting...

2016-07-28 Thread Jochen Schalanda
Hi Lino, please check the logs of the Graylog process in /var/log/graylog/* for error messages. Cheers, Jochen On Wednesday, 27 July 2016 23:37:13 UTC+2, Lino Edgar wrote: > > Hi Community > > > Greetings > > > Excuse me, after install Graylog2 is not able to display the webpage, I > have the

[graylog2] Re: ./graylogctl restart results in /tmp/graylog.pid not found

2016-07-28 Thread Jochen Schalanda
Hi Sruthi, which exact version of Graylog are you using and how did you install Graylog? Cheers, Jochen On Wednesday, 27 July 2016 10:43:25 UTC+2, Sruthi wrote: > >

[graylog2] Re: Elasticsearch 5?

2016-07-28 Thread Jochen Schalanda
Hi Michael, Elasticsearch 5.x is not and most probably will not be supported by Graylog 2.x. Future versions of Elasticsearch 2.x probably will work out-of-the-box, though. Cheers, Jochen On Tuesday, 26 July 2016 20:23:22 UTC+2, Michael Taylor wrote: > > The docs say Elasticsearch 2.1 or

[graylog2] Re: Alert use case scenario

2016-07-28 Thread Jochen Schalanda
Hi, that's currently not possible with Graylog, but feel free to create a feature request with your use cases at https://github.com/Graylog2/graylog2-server/issues/new. Cheers, Jochen On Wednesday, 27 July 2016 21:41:07 UTC+2, GambitK wrote: > > Because a particular request for alerting, I

Re: [graylog2] Re: Backup of indices in Graylog 1.3

2016-07-28 Thread Jochen Schalanda
Hi Roberto, please refer to the Elasticsearch documentation about backing up and restoring indices for answers to those questions: - https://www.elastic.co/guide/en/elasticsearch/guide/1.x/backing-up-your-cluster.html -

[graylog2] Re: possible to restrict select'able saved searches per user/role/stream?

2016-07-28 Thread Jochen Schalanda
Hi, saved searches are currently global objects in Graylog and not specific to a user or a role. There's a feature request for this at https://github.com/Graylog2/graylog2-server/issues/520. Feel free to add your comments (but please no simple "+1"…) there. Cheers, Jochen On Thursday, 28

[graylog2] Re: stuck to install graylog to our VPS Linux CentOS 6

2016-07-28 Thread Jochen Schalanda
Hi Luke, there's some broken YUM/RPM repository on your system. Remove or disable the "scl" repository (see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Managing_Yum_Repositories.html for details) and run yum update. Cheers, Jochen On

[graylog2] Re: Settings for Journal when utilization is too high

2016-07-28 Thread Jochen Schalanda
Hi Roberto, I'm sure you think your issue is urgent, but please stick to one thread on the mailing list for each individual problem: - https://groups.google.com/d/msg/graylog2/tw9IH9uw_l4/B68bwV6NAgAJ - https://groups.google.com/d/msg/graylog2/Yz3jmpfqnwQ/0jEowgPqAgAJ Cheers, Jochen

Re: [graylog2] Incoming logs incorrectly formatted

2016-07-28 Thread Jochen Schalanda
Hi Joshua, On Thursday, 28 July 2016 00:00:36 UTC+2, Joshua Walderbach wrote: > > I did that and reformatted my nxlog.conf. But messages are truncated for > my platform logs, windows events look great. This problem is most likely caused by the default value of the ShortMessageLength setting

[graylog2] Re: Java stacktrace

2016-07-28 Thread Jochen Schalanda
xandre > > On Thursday, 28 July 2016 14:18:59 UTC+1, Jochen Schalanda > wrote: >> >> Hi Alexandre, >> >> the Docker GELF driver only supports sending messages line-by-line to >> Graylog. >> >> If you want to receive the complete Ja

[graylog2] Re: Java stacktrace

2016-07-28 Thread Jochen Schalanda
Hi Alexandre, the Docker GELF driver only supports sending messages line-by-line to Graylog. If you want to receive the complete Java stack trace of an exception in one message, you should use one of the existing GELF appenders for the logging framework being used in your Java application.

[graylog2] Re: Searching for fields inside JSON field

2016-07-28 Thread Jochen Schalanda
Hi Alexandre, you could use the JSON extractor in Graylog to expand the content of the message field into the Graylog message. But I would recommend using a proper GELF appender for your logging framework in the

[graylog2] Re: graylog 2.0.3-1 web interface login page slow loading

2016-07-28 Thread Jochen Schalanda
Hi Hassan, you can try activating GZIP for the web interface if you accidentally deactivated it (it's enabled by default, see https://github.com/Graylog2/graylog2-server/blob/2.0.3/misc/graylog.conf#L95-L97 ). Other than that I'm afraid there's not much you can do to reduce the initial

[graylog2] Re: Add Elastic Search Nodes?

2016-07-28 Thread Jochen Schalanda
Hi Nathan, the two configuration settings you've mentioned, elasticsearch_discovery_zen_ping_multicast_enabled and elasticsearch_discovery_zen_ping_unicast_hosts, are from the Graylog configuration file and don't need to be changed when adding another Elasticsearch node. Simply make sure,

[graylog2] Re: Can't access to Graylog 2.0 web interface

2016-07-28 Thread Jochen Schalanda
Hi Alejandro, 127.0.0.1 is the so-called loopback address which loops back (ha!) to the local machine and which is not accessible from outside of that system. You need to set rest_listen_uri and web_listen_uri to a publicly accessible IP address, or http://0.0.0.0:12900 and http://0.0.0.0:9000

[graylog2] Re: Help GRAYLOG input GELF

2016-07-28 Thread Jochen Schalanda
Hi Rafael, On Thursday, 28 July 2016 18:50:03 UTC+2, Rafael Pereira Silva wrote: > > now my doubt is this: If I want to send logs to another server, type logs > (log of TOMCAT, application LOG) I need to install and configure the logstash > on that server agent? > > The messages have to get

[graylog2] Re: Do we have to use separate ports for servers to send logs to graylog

2016-07-21 Thread Jochen Schalanda
Hi Thara, different inputs usually listen on different ports, so if you have multiple input formats like syslog, GELF, or any other, you'll most likely have to use different ports for those inputs. This being said, if you only have syslog messages you want to record, you can use a single

[graylog2] Re: Input shows running but no messages getting retrieved

2016-07-21 Thread Jochen Schalanda
Hi Thara, please describe in detail which type of input you have set up in Graylog, how you have configured it, and how you have configured your clients. Cheers, Jochen On Thursday, 21 July 2016 19:54:29 UTC+2, Thara Savio wrote: > > The input shows running but no messages getting retrieved.

[graylog2] Re: Graylog does not show some messages when using two extractors for the same input

2016-07-29 Thread Jochen Schalanda
Hi Alexandre, the JSON extractor will happily overwrite the existing field and that's probably the problem. If the "level" field is not numeric, Graylog and Elasticsearch will fail to index it. You should find numerous "index failures" in the logs of your Graylog node and in the

[graylog2] Re: graylog 2.0.3-1 web interface login page slow loading

2016-07-29 Thread Jochen Schalanda
Hi Hasan, the JavaScript files of the Graylog web interface are already minified. Cheers, Jochen On Thursday, 28 July 2016 20:13:05 UTC+2, hasan akgöz wrote: > > Hello Jochen, > > I see . I didn't change Gzip option. Maybe I try make minify to minify > graylog .js and .css files. is it

[graylog2] Re: Graylog does not show some messages when using two extractors for the same input

2016-07-29 Thread Jochen Schalanda
Hi Alexandre, are there any error messages in the logs of your Graylog nodes? Are you 100% sure that the Java logs are ingested by Graylog? Are the timestamps of those Java logs correct or might they be "in the future" so that a normal search query doesn't include them? Cheers, Jochen On

[graylog2] Re: Creating a graph using two fields

2016-07-29 Thread Jochen Schalanda
Hi Alexandre, you can simply run a search for http_code:404 and then select the field you want to create a graph for from the side bar, e. g. "host", and click on "Quick values". The resulting graph can then be added to a dashboard. Cheers, Jochen On Thursday, 28 July 2016 22:23:46 UTC+2,

[graylog2] Re: graylog cluster

2016-07-29 Thread Jochen Schalanda
Hi, make sure that all Graylog nodes are using the same MongoDB database and that the password_secret setting is identical across all nodes. See http://docs.graylog.org/en/2.0/pages/configuration/multinode_setup.html for further details. Cheers, Jochen On Friday, 29 July 2016 10:32:38 UTC+2,

[graylog2] Re: Searching for fields inside JSON field

2016-07-29 Thread Jochen Schalanda
you for the information about JSON extractor, I'll try it. > > Cheers, > Alexandre > > Em quinta-feira, 28 de julho de 2016 16:13:01 UTC+1, Jochen Schalanda > escreveu: >> >> Hi Alexandre, >> >> you could use the JSON extractor in Graylog >>

Re: [graylog2] Incoming logs incorrectly formatted

2016-07-29 Thread Jochen Schalanda
Hi Joshua, you can use a JSON extractor for expanding the message field. Seeing that it's a Java application, I'd recommend using one of the many existing GELF appenders for Java logging frameworks on the Graylog Marketplace to let your

[graylog2] Re: Graylog 2.0 archive feature

2016-07-29 Thread Jochen Schalanda
Hi Alejandro, On Friday, 29 July 2016 15:15:33 UTC+2, Alejandro Cabrera Obed wrote: > > Is there any possibility that Graylog open source will have the archive > feature enabled in the near future??? > That's rather unlikely at the moment. We have to earn money to live, too. But you can order

[graylog2] Re: Filtering needed log message only (via Stream), and setup an alert

2016-08-01 Thread Jochen Schalanda
Hi Arief, the stream with the rule you've described ("level must be exactly 3") should be fine. The alert condition you've created is wrong, as "level:3" is not a field (but "level" is). What exactly do you want to achieve with the alert condition? Cheers, Jochen On Monday, 1 August 2016

[graylog2] Re: Filtering needed log message only (via Stream), and setup an alert

2016-08-01 Thread Jochen Schalanda
to get the alert early rather than stare at the dashboard actually. > :D > > The Stream rules that I created are receiving log msg from Windows Server. > > On Monday, August 1, 2016 at 2:47:54 PM UTC+8, Jochen Schalanda wrote: >> >> Hi Arief, >> >> the stre

[graylog2] Re: Highly utilize RAM. Any option to reduce it?

2016-08-01 Thread Jochen Schalanda
Hi Arief, On Monday, 1 August 2016 11:44:08 UTC+2, Arief Hydayat wrote: > > I didn't get your point with the VM problem? Mean on the VMWare side? > Usually what kind of problem is it? > My question was if you had any problems with the memory consumption in your virtual machine or you only had

[graylog2] Re: Graylog web access through TCP/443 with Stunnel4

2016-08-01 Thread Jochen Schalanda
Hi Alejandro, please read http://docs.graylog.org/en/2.0/pages/upgrade.html#from-1-x-to-2-x and http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html. If you're using HTTPS for the Graylog web interface, you also have to use HTTPS for the Graylog REST API. Otherwise your web

[graylog2] Re: Help graylog2 can not start!!!

2016-07-26 Thread Jochen Schalanda
Hi Nile, please make sure that the "data" directory is readable for the Graylog user. You could also set elasticsearch_path_home and elasticsearch_path_data in your Graylog configuration file to any readable directory. As a side note, you can't use the ~ character for path settings in the

[graylog2] Re: mongod process using over 100% CPU slowing down graylog

2016-07-25 Thread Jochen Schalanda
Hi Ariel, MongoDB shouldn't need much processing power when being used by Graylog. Are there any error messages in the logs of your MongoDB nodes? Are there any unusually large collections in the MongoDB database used by Graylog? Which MongoDB storage engine (MMAPv1, WiredTiger) are you using?

[graylog2] Re: Disk Journal / Kafka Input / Throttling

2016-07-25 Thread Jochen Schalanda
we are running 2.0.3) > > On Tuesday, 19 July 2016 22:04:59 UTC+10, Jochen Schalanda wrote: >> >> Hi Eli, >> >> On Tuesday, 19 July 2016 13:18:49 UTC+2, Eli Jordan wrote: >>> >>> My understanding is that the disk journal is just an internal Kafka >&

[graylog2] Re: Highly utilize RAM. Any option to reduce it?

2016-07-31 Thread Jochen Schalanda
Hi Arief, I guess you're running Graylog, Elasticsearch, and MongoDB on the same machine. Those three applications simply require a certain amount of memory. This being said, your system is fine. Every byte of unused RAM is basically useless and waste, so Linux is trying to optimally fill the

[graylog2] Re: Dealing with multiple log formats in the same input

2016-07-31 Thread Jochen Schalanda
Hi Alexandre, is there anything wrong with running different inputs for different kinds of log messages in your opinion? The general format of a GELF message is: > @timestamp > @version > level > container_name > conainter_id > image_name > message (content can be JSON, Apache or Tomcat

[graylog2] Re: Highly utilize RAM. Any option to reduce it?

2016-08-02 Thread Jochen Schalanda
Hi Arief, On Tuesday, 2 August 2016 10:16:01 UTC+2, Arief Hydayat wrote: > > Later if I increase the memory, again Linux and the JVM will use as much > available memory as possible. and that's normal, right? :-) > Yes, that's correct. > Just with next question anyway, those 3 components

[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Jochen Schalanda
at 12:46:48 PM UTC+2, Guillaume Migaszewski >>> wrote: >>>> >>>> Thanks a lot for this outstanding help. >>>> >>>> I'll check those links. I am impressed by your knowledge regarding >>>> REST API and graylog
