[graylog2] Re: Error - the server returned: 404 - on login

2016-09-22 Thread Jochen Schalanda
Hi Evgueni, please post your Graylog configuration and tell us more about your network setup (e.g. on which systems Graylog and Elasticsearch are running). Cheers, Jochen On Wednesday, 21 September 2016 21:40:05 UTC+2, Evgueni Gordienko wrote: > > Hi, > > I have graylog2 (2.1) working fine wit

Re: [graylog2] Re: Graylog configuration of filebeat and graylog collector sidecar

2016-09-22 Thread Kunal Patil
Hello After adding beat input in web issue has been solved *REGARDS:KUNAL VIKAS PATIL9860265594* On Thu, Sep 22, 2016 at 12:25 PM, Kunal Patil wrote: > Hello > do we need logstash in service in graylog server for receiving the logs > sent by beats > as generated configuration shows below

[graylog2] Re: Broken Streams?

2016-09-22 Thread Jochen Schalanda
Hi, what's the exact alert condition you're using? Kindly include some example messages, too. Cheers, Jochen On Wednesday, 21 September 2016 18:29:00 UTC+2, Nathan Mace wrote: > > Recently upgraded to 2.1 and just noticed this behavior. > > I have a stream that matches against two rules: > > Ev

[graylog2] Re: Graylog Stream Messages Disappearing

2016-09-22 Thread Jochen Schalanda
Hi Kenneth, retention currently only works on index-level, not on stream-level. What exactly do you mean with disappears? Can you still find the message via the universal search? Is the index containing the message still available? Cheers, Jochen On Thursday, 22 September 2016 05:03:45 UTC+2,

[graylog2] Re: Graylog 2.0.1 Web Interface Issue

2016-09-22 Thread 'Chris' via Graylog Users
Hi Jochen, No reverse proxies in front of Graylog and I updated the settings to look like this but the error persists (minus the /api reference): /etc/graylog/server/server.conf rest_listen_uri = http://0.0.0.0:12900/ web_listen_uri = http://0.0.0.0:9000/ web_endpoint_uri = http://MY_AWS_RT53_DN

[graylog2] Re: Graylog 2.0.1 Web Interface Issue

2016-09-22 Thread Jochen Schalanda
Hi Chris, On Thursday, 22 September 2016 10:57:20 UTC+2, Chris wrote: > > /etc/graylog/graylog-settings.json > If you're using the graylog-ctl script, manual changes in the Graylog configuration file will be overwritten if yo

Re: [graylog2] Error - the server returned: 404 - on login

2016-09-22 Thread Jan Doberstein
Hej Evgueni, I have graylog2 (2.1) working fine with external elk (elasticsearch) cluster. But login fails: Error - the server returned: 404 - cannot POST http://elk.test.com:9000/system/sessions (404) I can ping elk.test.com. you got something wrong in your settings. is elk.test.com the U

Re: [graylog2] Problem using sidecar with Win2003

2016-09-22 Thread Jan Doberstein
Hej Werner, Due to some legacy software still in process of being migrated, we have a few Windows Server 2003 (i386) boxes about. as you have already opened an issue ( https://github.com/Graylog2/collector-sidecar/issues/66 ) I did not need to ask for this /jd -- You received this messag

[graylog2] Re: Possible to configure no default access for ldap?

2016-09-22 Thread Björn R .
Just wanted to say thanks for this solution, helped me a lot as I wanted to do the same. Have ldap on, deny access by default and only grant users from specific security groups access. This needs to be added as a feature request. Cheers Frank! Björn On Friday, January 22, 2016 at 9:05:29 PM

Re: [graylog2] Different color for different status

2016-09-22 Thread Tony
Thank you for your answer Jan, but to be honest I don't really know how to do that with decorators. As you can see in the screenshot the lines already come with the ANSI escape color sequence but are shown in cyan on Graylog. Thanks Tony 2016-09-18 11:51 GMT+01:00 Jan Doberstein : > Hi Tony,

[graylog2] Re: Graylog 2.0.1 Web Interface Issue

2016-09-22 Thread 'Chris' via Graylog Users
Hi Jochen, I couldn't find the 'graylog-ctl' scripts so I wasn't sure where the json files have come from on this server. I have been changing the server.conf manually but I got to the point where I had spent too much time on this server. The environment is due to be destroyed and the newly de

Re: [graylog2] Different color for different status

2016-09-22 Thread Jochen Schalanda
Hi Tony, the message decorators currently (as of Graylog 2.1.1) do not support changing the HTML markup of messages in the web interface. Cheers, Jochen On Thursday, 22 September 2016 14:21:47 UTC+2, Tony wrote: > > Thank you for your answer Jan, but to be honest I don't really know how to > d

Re: [graylog2] Different color for different status

2016-09-22 Thread Tony
Thank you Jochen, should we see it in the next release? Thanks Tony 2016-09-22 15:05 GMT+01:00 Jochen Schalanda : > Hi Tony, > > the message decorators currently (as of Graylog 2.1.1) do not support > changing the HTML markup of messages in the web interface. > > Cheers, > Jochen > > On Thursda

Re: [graylog2] Different color for different status

2016-09-22 Thread Jochen Schalanda
Hi Tony, we might add it in the future but most probably not in the next release (Graylog 2.2.0). Cheers, Jochen On Thursday, 22 September 2016 16:08:20 UTC+2, Tony wrote: > > Thank you Jochen, should we see it in the next release? > > Thanks > > Tony > -- You received this message because yo

[graylog2] Filebeats collector only one output

2016-09-22 Thread Steve Kuntz
Good Morning/Afternoon/Evening/Night, I'm probably missing or misunderstanding something or missing some documentation that says this is not supported but here goes... When I configure multiple outputs in my Beats Collector Sidecar configuration in the web interface only one seems to make it to

Re: [graylog2] Filebeats collector only one output

2016-09-22 Thread Marius Sturm
Hi Steve, Filebeat currently doesn't support multiple outputs in the way NXlog is doing it. There is a ticket for it here: https://github.com/Graylog2/collector-sidecar/issues/57 In the end we will allow only one output per beat instance and show some message in the web interface. Cheers, Marius

Re: [graylog2] Filebeats collector only one output

2016-09-22 Thread Steve Kuntz
Thanks Marius, That's unfortunate, are there no plans to have the collector-sidecar service run a separate instance of filebeat for each output to get around the limitations of filebeat? On Thursday, September 22, 2016 at 11:45:09 AM UTC-4, Marius Sturm wrote: > > Hi Steve, > Filebeat currently d

Re: [graylog2] Filebeats collector only one output

2016-09-22 Thread Marius Sturm
Currently the idea goes like this: if you need routing inside the collector use nxlog, if not use filebeat. I fear when we start to work around collectors' inabilities we end up in a hairy ball of processes. In the end the Sidecar is a configuration helper and not a feature compensator. And there is st

[graylog2] Re: Error - the server returned: 404 - on login

2016-09-22 Thread Evgueni Gordienko
My mistake - had wrong entry for web_endpoint_uri It should be web_endpoint_uri = http://:9000/api/ Thanks, Evgueni On Wednesday, September 21, 2016 at 12:40:05 PM UTC-7, Evgueni Gordienko wrote: > > Hi, > > I have graylog2 (2.1) working fine with external elk (elasticsearch) > cluster. > > Bu

[graylog2] Do I have to uninstall filebeat for collector-sidecar installation?

2016-09-22 Thread Evgueni Gordienko
Hi All, I have filebeat running on my client and need to install sidecar. The yum installation results: Transaction check error: file /usr/bin/filebeat from install of collector-sidecar-0.0.9-1.x86_64 conflicts with file from package filebeat-1.3.1-1.x86_64 Should I uninstall filebeat first?

Re: [graylog2] Do I have to uninstall filebeat for collector-sidecar installation?

2016-09-22 Thread Marius Sturm
Hi, you don't have to, it's included in the Sidecar package for ease of installation but you can point in the configuration file to the executable you want to use. Cheers, Marius On 22 September 2016 at 20:04, Evgueni Gordienko wrote: > Hi All, > > I have filebeat running on my client and need t

[graylog2] Trying to Get Message from One Stream to Another

2016-09-22 Thread Willis
I want to get alert emails in certain circumstances that the out of the box alert system does not support (using AND's and OR's). I'm trying to use a pipeline to take messages from one stream and put them into another. The rules in the pipeline can filter the messages for me and then I would be

[graylog2] Re: Graylog Stream Messages Disappearing

2016-09-22 Thread Kenneth Gyan
Hi Jochen, When you say index, do you mean the input? Also how can I check the retention for the index/input level? I have tried going to the input but I haven't really made note if the messages are the same because when I go to the input and the message is there, then it should be in the

[graylog2] unable to figure out permissions using REST API

2016-09-22 Thread Jason Haar
Hi there I'm wanting to create a "read only" admin account that can do any search query against graylog that we want. I created a local account (normally we use LDAP) which just had the "Reader" role - and it couldn't do anything. I then gave it the Admin role and it could indeed search for everyt

[graylog2] Re: Graylog Stream Messages Disappearing

2016-09-22 Thread Jochen Schalanda
Hi Kenneth, On Thursday, 22 September 2016 21:32:49 UTC+2, Kenneth Gyan wrote: > > When you say index, do you mean the input? > No, I mean index: http://docs.graylog.org/en/2.1/pages/index_model.html On Thursday, 22 September 2016 21:32:49 UTC+2, Kenneth Gyan wrote: > Also how can I check the

[graylog2] Re: unable to figure out permissions using REST API

2016-09-22 Thread Jochen Schalanda
Hi Jason, the required permissions are: - searches:absolute - searches:keyword - searches:relative See https://github.com/Graylog2/graylog2-server/blob/2.1.1/graylog2-server/src/main/java/org/graylog2/shared/security/RestPermissions.java#L106-L108 Cheers, Jochen On Thursday, 22 Septemb