[graylog2] graylog2 timestamp not from application log message

2016-10-13 Thread Wayne
is using the timestamp to do a query. I was able to do it with Logstash by using a date filter, and I was able to do it with Fluentd by using a plugin. Both worked beautifully. However, I have not found a solution for graylog2. Is there a workaround? Thanks Wayne -- You received this mes

[graylog2] Re: graylog2 timestamp not from application log message

2016-10-13 Thread Wayne
et through Graylog2 server, and the timestamp in Graylog2 is still UTC time. Is it not the right way to get the log messages into Graylog2 server? Thanks, Wayne On Thursday, October 13, 2016 at 10:34:29 AM UTC-4, Jochen Schalanda wrote: > > Hi Wayne, > > On Thursday, 13 October 2016

[graylog2] Re: graylog2 timestamp not from application log message

2016-10-13 Thread Wayne
Grok pattern Thanks, Wayne On Thursday, October 13, 2016 at 10:34:29 AM UTC-4, Jochen Schalanda wrote: > > Hi Wayne, > > On Thursday, 13 October 2016 16:30:18 UTC+2, Wayne wrote: >> >> I understand that the timestamp reflects the time that graylog imported >>

[graylog2] Re: graylog2 timestamp not from application log message

2016-10-14 Thread Wayne
seems that the Toronto in the dropdown did not work. Thanks, Wayne On Friday, October 14, 2016 at 12:32:44 PM UTC-4, Jochen Schalanda wrote: > > Hi Wayne, > > the following extractor is working for me without problem: > > { > "extractors": [ >

[graylog2] Re: graylog2 timestamp not from application log message

2016-10-18 Thread Wayne
n? Thanks, Wayne On Monday, October 17, 2016 at 2:25:53 AM UTC-4, Jochen Schalanda wrote: > > Hi Wayne > > On Friday, 14 October 2016 19:36:17 UTC+2, Wayne wrote: >> >> I have tried your extractor, and it looks like it almost worked, except >> that the timestamp seems t

[graylog2] Re: graylog2 timestamp not from application log message

2016-10-18 Thread Wayne
igured as either "Toronto" or "GMT+4" What is correct timezone setting that can fix this issue? Thanks Wayne On Tuesday, October 18, 2016 at 10:35:58 AM UTC-4, Wayne wrote: > > Hi Jochen, > > It is tricky. > > Now I found out the extractor to overwri

[graylog2] Internal message queue for graylog2?

2016-10-18 Thread Wayne
any internal message queue to hold messages in case of high load. Thanks, Wayne

[graylog2] Re: graylog2 timestamp not from application log message

2016-10-18 Thread Wayne
-10-18T17:28:55.644Z In actuality, the timestamp of the application log message was 13:28:55.644 So it is always reporting UTC time, and not the local timezone that I configured in server.conf and the extractor. Is it something that will be fixed later? Thanks Wayne On Tuesday, October 18
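The four-hour difference in this post (13:28:55.644 on the application host, 17:28:55.644Z in the index) is exactly what a date extractor produces when the source is on Eastern Daylight Time and the store keeps UTC. The following is an added example, not Graylog code and not from anyone in this thread: it parses a zone-less application timestamp with a Grok-style pattern, attaches the source zone, normalises to UTC for storage, and converts back for display. The log line, field layout and fixed UTC-4 offset are constructed assumptions; a real deployment would use a named zone such as America/Toronto.

```python
"""Normalising an application log timestamp to UTC, the way a date
extractor in a log pipeline must, and rendering it back in a viewer's
zone. Added example; not Graylog code. The log line, the field layout
and the zone offsets are constructed for illustration."""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample line: the application writes local wall-clock time
# with no zone designator, which is the root of the ambiguity.
SAMPLE_LINE = "2016-10-18 13:28:55.644 INFO  [worker-3] order 8812 shipped"

# Grok-style pattern with named groups (assumption: this line layout).
LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<level>[A-Z]+)\s+\[(?P<thread>[^\]]+)\] (?P<msg>.*)"
)
TS_FORMAT = "%Y-%m-%d %H:%M:%S.%f"

# Assumption: the host writing the log is on Eastern Daylight Time
# (UTC-4 on 2016-10-18). A fixed offset keeps the example independent of
# tz database files; in production use zoneinfo.ZoneInfo("America/Toronto").
SOURCE_TZ = timezone(timedelta(hours=-4), "EDT")


def parse_line(line: str) -> dict:
    """Split a line into named fields; raise if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"line does not match pattern: {line!r}")
    return m.groupdict()


def naive_to_utc(ts_text: str, source_tz: timezone) -> datetime:
    """Attach the source zone to a zone-less timestamp, then convert to UTC.

    Skipping the attach step (treating 13:28 as if it were already UTC)
    is the classic off-by-one-offset error."""
    naive = datetime.strptime(ts_text, TS_FORMAT)
    return naive.replace(tzinfo=source_tz).astimezone(timezone.utc)


def as_wrongly_stored(ts_text: str) -> datetime:
    """What you get when the wall-clock value is stored as if it were UTC."""
    return datetime.strptime(ts_text, TS_FORMAT).replace(tzinfo=timezone.utc)


def render_for_viewer(utc_ts: datetime, viewer_tz: timezone) -> str:
    """Display-side conversion: storage stays UTC, the UI converts per user."""
    return utc_ts.astimezone(viewer_tz).strftime("%Y-%m-%d %H:%M:%S.%f")[:-3]


def iso_utc(ts: datetime) -> str:
    """Render an aware UTC datetime in the 'Z'-suffixed form the index shows."""
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z"


if __name__ == "__main__":
    fields = parse_line(SAMPLE_LINE)
    stored = naive_to_utc(fields["ts"], SOURCE_TZ)
    wrong = as_wrongly_stored(fields["ts"])
    print("stored (UTC):     ", iso_utc(stored))
    print("if zone ignored:  ", iso_utc(wrong))
    print("viewer in EDT:    ", render_for_viewer(stored, SOURCE_TZ))
    print("viewer in UTC:    ", render_for_viewer(stored, timezone.utc))
```

The stored value 2016-10-18T17:28:55.644Z is the correct UTC instant for 13:28:55.644 EDT; what changes between users is only the rendering step, so an alert or a search that prints the raw field will always show the Z form.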

[graylog2] Re: graylog2 timestamp not from application log message

2016-10-19 Thread Wayne
Got it. Thanks a lot! Wayne On Wednesday, October 19, 2016 at 3:00:17 AM UTC-4, Jochen Schalanda wrote: > > Hi Wayne, > > On Tuesday, 18 October 2016 20:01:11 UTC+2, Wayne wrote: >> >> The problem is that when an alert email is sent, the Date is showing UTC >

[graylog2] Re: Internal message queue for graylog2?

2016-10-19 Thread Wayne
Hi Jochen, It is stated in the 2.1 document that Kafka and RabbitMQ can be configured as a transport queue. What are the use cases/scenarios in which we need to do the above configuration, considering Graylog already has its own way to persist the messages? Thanks, Wayne On Wednesday, October 19

[graylog2] Some fields generated from Extractor are not searchable

2016-10-19 Thread Wayne
onfiguration that is required to ensure all the extracted fields are searchable? Thanks, Wayne Note: I access this URL to check the fields and mapping in each search index: http://localhost:9200/_mappings

[graylog2] Re: Some fields generated from Extractor are not searchable

2016-10-19 Thread Wayne
data type is not the default string type. However, the log_message field is still string type. So it may not make much difference if I set up custom mapping for this field? Thanks, Wayne On Wednesday, October 19, 2016 at 12:22:32 PM UTC-4, Jochen Schalanda wrote: > > Hi Wayne, > > On Wed

[graylog2] Does Graylog server save a copy of the original log messages before indexing the message

2016-10-19 Thread Wayne
f the messages? Thanks, Wayne

[graylog2] Re: Internal message queue for graylog2?

2016-10-20 Thread Wayne
I think it is sufficient for us to stick to the default configuration without external message queue. Thanks, Wayne On Wednesday, October 19, 2016 at 9:14:11 AM UTC-4, Jochen Schalanda wrote: > > Hi Wayne, > > On Wednesday, 19 October 2016 15:07:07 UTC+2, Wayne wrote: >> >

[graylog2] Re: Does Graylog server save a copy of the original log messages before indexing the message

2016-10-20 Thread Wayne
my colleague who was thinking about retrieving information from the consolidated data (log messages from multiple source). Thanks, Wayne On Thursday, October 20, 2016 at 6:16:14 AM UTC-4, Jochen Schalanda wrote: > > Hi Wayne, > > On Wednesday, 19 October 2016 21:28:25 UTC+2,

[graylog2] re-index after the data mapping is changed with updated Extractor.

2016-10-20 Thread Wayne
? On the other hand, is there any way to do it manually? I understand that the ELK stack could do a re-index, but I am not sure if there is a way to do it similarly? Thanks, Wayne

[graylog2] Re: re-index after the data mapping is changed with updated Extractor.

2016-10-20 Thread Wayne
between these two types of indexes, and if the configuration is set up to delete old indexes, which indexes will be deleted? Thanks, Wayne On Thursday, October 20, 2016 at 11:50:08 AM UTC-4, Jochen Schalanda wrote: > > Hi Wayne, > > On Thursday, 20 October 2016 16:49:23

[graylog2] Re: re-index after the data mapping is changed with updated Extractor.

2016-10-21 Thread Wayne
sidecar be the log shipper in this scenario, or do I need to install logstash to do the job? Thanks Wayne On Thursday, October 20, 2016 at 1:54:53 PM UTC-4, Jochen Schalanda wrote: > > Hi Wayne, > > On Thursday, 20 October 2016 18:13:21 UTC+2, Wayne wrote: >> >> That pr

[graylog2] Re: re-index after the data mapping is changed with updated Extractor.

2016-10-21 Thread Wayne
input, isn't this an endless loop because the input and destination are the same search index? Thanks, Wayne On Friday, October 21, 2016 at 9:02:12 AM UTC-4, Jochen Schalanda wrote: > > Hi Wayne, > > On Friday, 21 October 2016 14:51:55 UTC+2, Wayne wrote: >> >> I o

[graylog2] Re: re-index after the data mapping is changed with updated Extractor.

2016-10-21 Thread Wayne
Thank you very much Jochen. I will investigate the solution later. Thanks, Wayne On Friday, October 21, 2016 at 11:54:43 AM UTC-4, Jochen Schalanda wrote: > > Hi Wayne, > > On Friday, 21 October 2016 15:44:06 UTC+2, Wayne wrote: >> >> In the case where I install Elast

[graylog2] Could not successfully connect to ElasticSearch?

2014-07-23 Thread Wayne Lam
t;, "timed_out" : false, "number_of_nodes" : 1, "number_of_data_nodes" : 1, "active_primary_shards" : 0, "active_shards" : 0, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 0 } Much

[graylog2] Graylog server always collects expired logs; these logs were generated long before, and now the switch has no such logs.

2017-02-04 Thread ql . wayne
My Graylog server always collects expired logs; these logs were generated long before, and now the switch has no such logs. The current log's source is 2017, The log whose sour

[graylog2] Re: Graylog server always collects expired logs; these logs were generated long before, and now the switch has no such logs.

2017-02-05 Thread ql . wayne
Hi, I deleted the command that sends logs to the Graylog server on the switch. But Graylog receives the logs of this switch as before. I don't know where those logs received by the Graylog server come from?

[graylog2] Re: Graylog server always collects expired logs; these logs were generated long before, and now the switch has no such logs.

2017-02-06 Thread ql . wayne
Hi, These messages show "received by deleted input on 0de4fb00 / Unknown", as shown in the figure: But the normal messages show receive

[graylog2] Re: Graylog server always collects expired logs; these logs were generated long before, and now the switch has no such logs.

2017-02-06 Thread ql . wayne
Hi, I have stopped the input, so Graylog should not receive any logs, BUT the abnormal messages are received as before. On Monday, 6 February 2017 at 18:40:50 UTC+8, Jochen Schalanda wrote: > > Hi, > > are you sure that these messages are ingested right now and don't simply > have a timestamp "in the future" (e.
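The question Jochen raises in the quoted reply, whether the messages are really being ingested now or merely carry a timestamp in the future, can be settled by comparing the timestamp extracted from each log line with the time the collector actually received it. The block below is an added example, not Graylog code and not from anyone in this thread. It classifies messages as on time, stale or future-dated, summarises which sources have a bad clock, and emulates a "last N minutes" search over the message timestamp field to show why a future-dated message surfaces later, after the input that carried it has been stopped. The field names, the five-minute tolerance, the sample messages and the assumption that a relative search covers [now - window, now] are all constructed for illustration.

```python
"""Distinguishing messages that arrived just now from messages whose own
timestamp is simply in the future, by comparing the timestamp extracted
from the log line with the time the collector received it. Added example;
not Graylog code. Field names, the skew tolerance and the sample messages
are constructed for illustration."""
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)  # assumption: tolerated source clock drift

# Constructed messages, all in UTC. 'timestamp' is what a date extractor
# pulled out of the syslog line; 'received_at' was stamped on arrival.
MESSAGES = [
    {"id": 1, "source": "switch-a",       "timestamp": "2017-02-06T10:40:10Z", "received_at": "2017-02-06T10:40:12Z"},
    {"id": 2, "source": "switch-a",       "timestamp": "2017-02-06T10:39:55Z", "received_at": "2017-02-06T10:40:13Z"},
    {"id": 3, "source": "switch-lagging", "timestamp": "2017-02-04T08:00:00Z", "received_at": "2017-02-06T10:40:14Z"},
    {"id": 4, "source": "switch-ahead",   "timestamp": "2017-02-06T11:10:00Z", "received_at": "2017-02-06T10:40:15Z"},
]


def parse_ts(text: str) -> datetime:
    """Parse the 'Z'-suffixed ISO form used above into an aware UTC datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def classify(msg: dict, max_skew: timedelta = MAX_SKEW) -> str:
    """'future' if the message claims a time well after it arrived,
    'stale' if well before, otherwise 'ok'."""
    skew = parse_ts(msg["timestamp"]) - parse_ts(msg["received_at"])
    if skew > max_skew:
        return "future"
    if skew < -max_skew:
        return "stale"
    return "ok"


def bad_clocks(messages, max_skew: timedelta = MAX_SKEW) -> dict:
    """Per source, the set of non-'ok' verdicts seen, so a device with a
    wrong clock is identified even if only some of its lines are off."""
    out: dict = {}
    for m in messages:
        verdict = classify(m, max_skew)
        if verdict != "ok":
            out.setdefault(m["source"], set()).add(verdict)
    return out


def relative_search(messages, now: datetime, window: timedelta) -> list:
    """Emulate a 'last N minutes' search on the *message* timestamp field,
    i.e. the range [now - window, now] (assumption about search semantics).
    Arrival time plays no part, so a message dated 30 minutes ahead is
    invisible now and then appears half an hour later, even though nothing
    was received in the meantime."""
    lower = now - window
    return [m["id"] for m in messages if lower <= parse_ts(m["timestamp"]) <= now]


if __name__ == "__main__":
    print(bad_clocks(MESSAGES))
    t0 = parse_ts("2017-02-06T10:40:20Z")
    print(relative_search(MESSAGES, t0, MAX_SKEW))
    print(relative_search(MESSAGES, t0 + timedelta(minutes=31), MAX_SKEW))
```

Run against the constructed set, the search at 10:40:20 returns only the two on-time messages, while the same search run 31 minutes later returns message 4 alone, which is the pattern of "messages still arriving after the input was stopped". Persisting the receive time as its own field is what makes this check possible after the fact.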