Hello,
I have the following architecture: Logstash -> RabbitMQ -> Graylog
I have an issue in the indexer with parsing:
17 minutes ago graylog_0 d58fe350-f41b-11e6-8407-000c29438b97
MapperParsingException[failed to parse [level]]; nested:
NumberFormatException[For input string: "information"]
In logstash deb
Hi Tom,
please share all relevant details about your setup (configuration of the
output, configuration of the receiving server, logs of both systems, etc.).
See http://docs.graylog.org/en/2.2/pages/configuration/file_location.html
for the correct file locations in your system.
Cheers,
Jochen
Hi Rayees,
What are you trying to accomplish?
What did you try so far?
What did you expect and what was the actual result?
Cheers,
Jochen
On Wednesday, 15 February 2017 23:24:35 UTC+1, Rayees Namathponnan wrote:
>
> Hi All,
>
> Is there any detailed doc for the JSON extractor? I looked “
> http://do
Hi Jiří,
the "level" message field has to be a numeric value, i.e. the numeric
severity level of syslog
messages: https://en.wikipedia.org/wiki/Syslog#Severity_level
You can use message processor pipeline rules to change that in
Graylog: http://docs.graylog.org/en/2.2/pages/pipelines.html
Al
hi,
Is it possible to do a rolling upgrade to a graylog cluster (from 2.1 to
2.2)? If so, should I upgrade master first or non-master nodes first?
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiv
Hi Everyone,
Does anybody know if there is any REST API for Graylog to get the logs
based on time? For example, an API to get logs for the last 30 days.
If not, can we directly get the logs from Elasticsearch by querying
Elasticsearch?
Thanks in advance
Anant.
Thank you! Resolved with renaming level to log_level in logstash
configuration
rename => [ "level" , "log_level" ]
Regards,
Jiri
On Thursday, February 16, 2017 at 10:02:37 AM UTC+1, Jochen Schalanda wrote:
>
> Hi Jiří,
>
> the "level" message field has to be a numeric value, i.e. the numeric
Hi,
On Thursday, 16 February 2017 10:34:07 UTC+1, jtkarvo wrote:
>
> Is it possible to do a rolling upgrade to a graylog cluster (from 2.1 to
> 2.2)? If so, should I upgrade master first or non-master nodes first?
>
Due to some changes in the index management it's not possible to do a
rolling
Hi Anant,
you can query the complete data set over the Graylog REST API, check the
search-related resources in the Graylog API browser at
http://127.0.0.1:9000/api/api-browser (URI might be different for your
setup).
Cheers,
Jochen
On Thursday, 16 February 2017 10:34:04 UTC+1, Anant Sawant wr
Hi,
we have the same here (no plugins) especially with chrome (and also
firefox). Our Server is behind a reverse https Proxy (apache). Tested with
2.1.3 and 2.2
It seems there is a problem with authentication or cookie?
If you manually call https://"yourservername.com"/api/system/cluster/nod
I saw that, but I'm not wanting to spend $6000 a year for that feature.
Was hoping there were more options.
On Wednesday, February 15, 2017 at 7:31:29 PM UTC-6, Richard S.
Westmoreland wrote:
>
> They have an Enterprise version that archives the ES, I suggest looking
> into that.
>
>
> On Feb
I reverted, no change.
It doesn't affect the GC long pauses.
Where do I configure the threshold for this?
Thanks
On Monday, February 6, 2017 at 11:44:26 AM UTC+2, Jochen Schalanda wrote:
>
> Hi Nitzan,
>
> you've configured a very high number of processbuffer_processors and
> outputbuffer_proces
Hi Nitzan,
On Thursday, 16 February 2017 14:20:33 UTC+1, Nitzan Haimovich wrote:
>
> Where do I configure the threshold for this?
>
You can configure this with the gc_warning_threshold setting:
https://github.com/Graylog2/graylog2-server/blob/2.2.0/misc/graylog.conf#L527-L529
But be aware tha
Hi Dan,
On Thursday, 16 February 2017 13:53:08 UTC+1, Dan Hoffmann wrote:
>
> I saw that, but I'm not wanting to spend $6000 a year for that feature.
> Was hoping there were more options.
>
You can still use the Elasticsearch snapshot functionality with all its
drawbacks (like potentially bein
Hi,
We have a cluster of 3 Graylog nodes. Each node had 8 cores and 32GB memory.
The cluster works pretty well, we gain a very nice throughput (around
40,000 msgs for input and output).
We encounter a very strange problem though - sometimes, with no clear reason,
one or two nodes suddenly stop to
Might there be an easy to read how to on this somewhere that you know
about? A quick GIS turns up some info, but it's not easy to follow in my
current level of product knowledge.
On Thursday, February 16, 2017 at 7:26:24 AM UTC-6, Jochen Schalanda wrote:
>
> Hi Dan,
>
> On Thursday, 16 February
The message you are seeing below is extracted from the log. I did this by using
a regular expression extractor and stored it as "Input"
[{"path": “/test/test3/midm_new/20160912", "tag": "MidmRaw", "stats": {"size":
"2.27TB"}}, {"path": "/proce/test2/parse//cil/latest", "tag": "cil", "stats":
{"size": "6
Hi Dan,
On Thursday, 16 February 2017 14:43:19 UTC+1, Dan Hoffmann wrote:
>
> Might there be an easy to read how to on this somewhere that you know
> about? A quick GIS turns up some info, but it's not easy to follow in my
> current level of product knowledge.
>
See
https://www.elastic.co/gui
Hi all - I was wondering if anyone could help.
I've been using Graylog successfully in production for several months now.
Today, I've run into my first real problem.
I'm sending in some FSLogix log files, from a Windows machine, using NXLog.
They're getting to Graylog just fine, and at first the
OK...so here's the scoop. All Graylog Servers in use are built from the
OVA...all version 2.13
Graylog Server 1 - Sits at our remote office. Collects Windows Events for
the site. It has a series of streams set up. Each stream is using a GELF TCP
port 12203 output to my main office
Graylog Serve
Hi Tom,
this looks like an encoding problem (UTF-16 vs. UTF-8),
see https://github.com/Graylog2/graylog2-server/issues/3130 for a related
issue with a potential fix.
Cheers,
Jochen
On Thursday, 16 February 2017 16:19:33 UTC+1, Tom Collins wrote:
>
> Hi all - I was wondering if anyone could hel
Hi Tom,
On Thursday, 16 February 2017 16:28:09 UTC+1, Tom Powers wrote:
>
> If I turn TLS on for the Input side (Server 2), and click the Verify TLS
> on the client side(server1) (like I have done in my test lab), then the
> Server2 doesn't receive anything on the input.
>
Have the SSL cer
Wonderful, thank you. In my case, the encoding was UCS-2LE. Added the
following to my nxlog config, and everything is now working correctly:
Exec convert_fields('UCS-2LE','UTF-8'); if $raw_event == '' drop();
On Thursday, February 16, 2017 at 3:19:33 PM UTC, Tom Collins wrote:
>
> Hi all - I wa
I am having the same problem with 2.2.0 release. If I set the Pipeline
connection to a specific Stream the Pipeline rule isn't applied (confirmed
the messages are going to the Stream). However, setting the Pipeline
connection to the default "All Messages" Stream seems to work fine. Am I
miss
Hi,
So rolling upgrade is not supported? Good to know, because I was going to
upgrade our production setup (with 3 graylog-server nodes version 2.1.3)
using the rolling upgrade method.
So basically the upgrade steps in my scenario are:
1) Shutdown all (three) graylog-server nodes
2) Upgrade
That's the problem then.
What files need to move from the server 2 to the server 1 machines?
Getting to find doc on that, but it's sparse
Thanks
Tp
On Tuesday, 14 February 2017, 23:32:42, celtar wrote:
> Elasticsearch uses dynamic mapping by default, as described here
> https://www.elastic.co/guide/en/elasticsearch/guide/2.x/dynamic-mapping.html
>.
> I can use a different type of fixed mapping, e.g. in Elasticsearch, maybe I use
> Logstash or use
Hello all-
Windows app server into Graylog 2.1.0.
Like many, we have multiline log messages. There is presently no clearly
defined syntax around these messages, no end delimiter.
I'm able to flow messages in using filebeat, but I can't capture multiline
messages properly. I believe per a Grayl
Hey guys,
I'm trying to configure two graylog servers to read from the same topic in
kafka. But when I choose global input, only one of my servers can read from
kafka.
I'm wondering if it is something that I'm doing wrong or it's not possible
as of now.
Thanks
I've found this article on the right place to put the certs...but not sure what
format or how to get them out of the master server
http://docs.graylog.org/en/2.0/pages/faq.html#i-have-configured-an-smtp-server-or-an-output-with-tls-connection-and-receive-handshake-errors-what-should-i-do