[graylog2] Pluggable Functions - Getting Started

2016-05-11 Thread cazy
In the docs it is stated that "functions are written in Java and are pluggable, allowing extending the capabilities of Graylog in a simple manner." I am more or less experienced with plugin development for Graylog; however, I ca

[graylog2] Re: An issue with search in fields

2016-05-13 Thread cazy
Have you tried ngnix_useragent:*google*? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the w

[graylog2] Re: An issue with search in fields

2016-05-13 Thread cazy
This is because ngnix_useragent is apparently a non-analysed field ( https://www.elastic.co/guide/en/elasticsearch/guide/current/mapping-intro.html ). Try ngnix_useragent:*google* instead.

[graylog2] Pipelines and extractor processing order

2016-05-24 Thread cazy
Hi, I noticed that pipelines are processed before extractors are applied. Is there a possibility to apply extractors prior to pipeline processing?

[graylog2] Re: Pipelines and extractor processing order

2016-05-24 Thread cazy
Thanks Jochen, that's what I was looking for!

[graylog2] Re: How get message id using GrayLog2 API

2016-06-02 Thread cazy
Hi Marcin, you can query the message ID by requesting the field *_id* (notice the underscore).

[graylog2] Re: Search with wildcard in other fields

2016-06-10 Thread cazy
Jochen, how is it possible then that I can search not-analyzed fields with wildcards? Suppose we have a field "method". Further, there are two different values in total; first: "dosomething" and second: "doanotherthing". Now if I search for "method:do*thing", I get both values in the result. Wh

[graylog2] Re: Search with wildcard in other fields

2016-06-10 Thread cazy
Okay, so while doing some research on analyzers and wildcard searches in not-analysed fields in ES, I stumbled upon an issue which exactly deals with that problem and has been discussed in the ES community a couple of times already. The thing is that there is a parameter lowercase_expanded_terms

[graylog2] Re: does graylog support multi-value queries?

2016-06-16 Thread cazy
Hi Jason, from working with Logstash, I know you can add tags to the field "tags". However, I just realised that it is just a text field with its values being separated by commas. This means that indeed you have to do a wildcard lookup when searching those fields. Maybe this should be added as

Re: [graylog2] Re: Graylog2 Regex extractor help

2016-07-05 Thread cazy
Maybe you could also try the character class whitespace (\s), which should work in general. On Tuesday, July 5, 2016 at 6:33:23 AM UTC+2, Zoizo wrote: > > Okay I found the solution. > > For some reason, the space after "Nom du compte is a non breaking space. > So I used alt 0160 to put a non-bre

[graylog2] Plugin Development: POM for org.graylog.plugins:usage-statistics is missing

2016-07-05 Thread cazy
Hi, I get the following Maven output when trying to build a plugin: [...] [WARNING] The POM for org.graylog.plugins:usage-statistics:jar:2.0.0-SNAPSHOT is missing, no dependency information available [...] [ERROR] Failed to execute goal on project [...]: Could not resolve dependencies for proj

[graylog2] Re: Plugin Development: POM for org.graylog.plugins:usage-statistics is missing

2016-07-05 Thread cazy
Hi Jochen, actually, the usage statistics plugin has been pulled already (it is a subdirectory of graylog-project and it has its own POM - I even went to that directory to make a build via mvn install). I still get the error mentioned above and this is why I really have no idea what is going wr

[graylog2] Re: Plugin Development: POM for org.graylog.plugins:usage-statistics is missing

2016-07-13 Thread cazy
I have just found out that the problem is due to differing versions of the usage-statistics plugin between the build path of my plugin project and my Maven repository. My plugin build path expects usage-statistics-2.0.0-SNAPSHOT.jar whereas my Maven repository only contains version 2.1.0-SNAPSH

[graylog2] Re: Plugin Development: POM for org.graylog.plugins:usage-statistics is missing

2016-07-14 Thread cazy
For anyone interested in a (dirty) workaround: I checked out version 2.0.0 of the usage statistics plugin and modified the version in the POM adding "-SNAPSHOT". After mvn install, I was able to build my plugin.

[graylog2] Re: Very low message throughput after upgrading from GL 1.3.4/ES 1.7.1 to GL2.1.1/ES 2.3.5 + Error messages

2016-11-07 Thread cazy
Hi Jerri, same here! We experienced quite the same problems after upgrading from GL 1.3.4/ES 1.7.1 to GL2.1.1/ES 2.3.5. Graylog support recommended increasing output batch size (see also Bob's comment) so we increased the value from 500 to 5000. Moreover, you should set the ES-parameter index.re

[graylog2] Re: Pluggable Functions - Getting Started

2016-11-28 Thread cazy
Development of plugin functions is now documented in this blog post https://www.graylog.org/blog/71-writing-your-own-graylog-processing-pipeline-functions However, one should note the remark in the comments (setting isolated=false in graylog-plugin.properties). And what is more, you have to add

[graylog2] Logstash to Graylog via GELF AMQP

2016-11-28 Thread cazy
Hello everyone, we are trying to set up a log transport via GELF AMQP. At some stage of the transport pipeline, there is Logstash, which should forward messages to an AMQP broker such as RabbitMQ. Eventually, Graylog should receive messages from the AMQP queues. "GELF AMQP" can be defined as G

[graylog2] Re: Starting guide

2016-11-28 Thread cazy
Take a look at the left panel on the search page ("Search result"). It says "Found *x messages* in y ms", where x is the number of messages. On Thursday, November 24, 2016 at 5:21:01 PM UTC+1, Javier Alfonso wrote: > > Hi, > I'm very new to Graylog and I have lots of trouble to understand how th

Re: [Internet] [graylog2] Logstash to Graylog via GELF AMQP

2016-12-01 Thread cazy
> "{{ logstash_exchange }}" > exchange_type=> topic > durable=> true > > codec => json > } > } > > Then, depending on your messages you can add some filtering rules or some > Graylog extractors. > > Mathieu &

Re: [Internet] [graylog2] Logstash to Graylog via GELF AMQP

2016-12-01 Thread cazy
Hi Mathieu, I just tried it out. This works perfectly! Thank you! Cheers, Carlos

[graylog2] Re: Source field population when reading from raw/plaintext kafka input

2016-12-01 Thread cazy
Hi Evgeny, I think your problem is highly related to my previous problem with AMQP input: https://groups.google.com/forum/#!topic/graylog2/MvRvF9V98hY Maybe you could try this as well. How do you produce your messages? Logstash and Filebeat for example populate the source field by default. Chee

[graylog2] Re: Disk Journal / Kafka Input / Throttling

2016-12-06 Thread cazy
Hi Jochen, I think what Eli is driving at is that throttling starts too late. I think there should be a (configurable) threshold that starts throttling when the internal journal exceeds a certain level. Cheers, Carlos