Hello
do we need logstash in service in graylog server for reciving the logs
send by beats
as genarated configuration shows below details
filebeat:
prospectors:
- document_type: log
fields:
gl2_source_collector: 29a42246-401d-4097-8c52-22fff9b6869c
ignore_older: 10s
input_type: log
paths:
- /var/log/httpd/scalphanv2.justbuylive.in-access_log
scan_frequency: 0
tail_files: false
- document_type: log
fields:
gl2_source_collector: 29a42246-401d-4097-8c52-22fff9b6869c
ignore_older: 0
input_type: log
paths:
- /var/log/httpd/adminalphanv1.justbuylive.in-access_log
scan_frequency: 10s
tail_files: true
output:
logstash:
hosts:
- graylogip:5044
*REGARDS:KUNAL VIKAS PATIL9860265594*
On Thu, Sep 22, 2016 at 6:11 AM, Werner van der Merwe <
wernervdme...@gmail.com> wrote:
> Hi Kunal,
>
> Kindly paste your configs, from what I can make out in the screenshot,
> your newline identifier is not set correctly. The %{host} is more than
> likely from incorrectly parsing the logs.
>
> If you're willing to try NXLog, they have snipets for the config in their
> doco:
> https://nxlog.org/documentation/nxlog-community-edition-reference-manual-
> v20928#processing_parsers_combined_log_format_example
>
> What might help, NXLog (or beats) is the application that ships logs to
> Graylog. Sidecar is an extension of Graylog allowing you to centralise,
> manage and distribute profiles to enable easier collection of logs.
> Thus, if you use sidecar, you don't have to worry about the config of
> NXLog (or beats), as that will be supplied by Sidecar.
>
> Sidecar on the client side, you select snippets as elements in the 'tags'
> array. But adding a tag in that array assumes you've created a
> configuration in Graylog and assigned a tag with similar name to the config
> element.
>
> On your client, you are calling the apache tag, which is correct. Just
> ensure you have a configuration matching that tag.
> In Graylog, browse System -> Collectors, then click the "Manage
> Collectors" button.
> This will present you with your different configurations, ensure one of
> them at least has the apache tag allocated to it.
>
> If it does, you only need to worry about the configuration within that
> entry. From what I see I am expecting the parser is not correctly
> configured.
>
>
> On Thursday, September 22, 2016 at 8:27:34 AM UTC+12, Kunal Patil wrote:
>>
>> Hello
>>
>> I have read the document previous issue has been resolved
>> i m getting data but some data come under %{host} source filed
>> I have configured apache logs as shown in documentation
>>
>> please refer attached screenshot
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *REGARDS:KUNAL VIKAS PATIL9860265594*
>>
>> On Thu, Sep 22, 2016 at 1:20 AM, Marius Sturm <mar...@graylog.com> wrote:
>>
>>> Kunal,
>>> please read the Sidecar documentation first. You have to create a
>>> configuration in the Graylog web interface and tag it with the same tag
>>> like you started the Sidecar instance. There is a step-by-step guide even
>>> with screenshots here: http://docs.graylog.org/en/2.1
>>> /pages/collector_sidecar.html#step-by-step-guide
>>>
>>> Cheers,
>>> Marius
>>>
>>>
>>> On 21 September 2016 at 20:52, Kunal Patil <kunalpa...@gmail.com> wrote:
>>>
>>>> hello
>>>> Thanks for the quick reply and solution as you guys suggested i m
>>>> trying to implement filebeat with help of documentation but i m getting
>>>> below error on web gui please check ad revert
>>>>
>>>> Sidecar
>>>> Tags:apacheIP:
>>>> CPU Idle:99.47%Load:0.06Volumes > 75%:
>>>> ------------------------------
>>>> *Status*: No configuration found for configured tags!
>>>> Backends
>>>> *Filebeat*: Collector exits immediately, this should not happen!
>>>> Please check your collector configuration!
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *REGARDS:KUNAL VIKAS PATIL9860265594*
>>>>
>>>> On Wed, Sep 21, 2016 at 9:22 PM, Jochen Schalanda <joc...@graylog.com>
>>>> wrote:
>>>>
>>>>> Hi Kunal,
>>>>>
>>>>> nxlog and Filebeat are two different log shippers, each with its own
>>>>> advantages and disadvantages, which are supported by the Graylog Collector
>>>>> Sidecar.
>>>>>
>>>>> Both, nxlog and Filebeat, do support multiline messages:
>>>>>
>>>>> - https://www.elastic.co/guide/en/beats/filebeat/1.3/multiline
>>>>> -examples.html
>>>>> - https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#
>>>>> xm_multiline
>>>>>
>>>>> It's up to you which log shipper you want to use in the end and how
>>>>> you configure it.
>>>>>
>>>>> Cheers,
>>>>> Jochen
>>>>>
>>>>> On Wednesday, 21 September 2016 17:43:44 UTC+2, Kunal Patil wrote:
>>>>>>
>>>>>> I m little confused here
>>>>>> After reading document
>>>>>> In document u guys have given steps for beat and nx log
>>>>>> configuration
>>>>>> Can u brief more about that
>>>>>> My doubt is
>>>>>> If i have beat to send data to graylog why i want nxlog
>>>>>> And if nxlog is required then what is role of beat
>>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to a topic in the
>>>>> Google Groups "Graylog Users" group.
>>>>> To unsubscribe from this topic, visit https://groups.google.com/d/to
>>>>> pic/graylog2/QVxdxyLWmww/unsubscribe.
>>>>> To unsubscribe from this group and all its topics, send an email to
>>>>> graylog2+u...@googlegroups.com.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/graylog2/42f77a7e-b46f-4df
>>>>> 6-9d2b-3366af1415da%40googlegroups.com
>>>>> <https://groups.google.com/d/msgid/graylog2/42f77a7e-b46f-4df6-9d2b-3366af1415da%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Graylog Users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to graylog2+u...@googlegroups.com.
>>>> To view this discussion on the web visit https://groups.google.com/d/ms
>>>> gid/graylog2/CAJa2o%3D85b_XKO2sgzBvDJ5YjoBX-o3RFJjZ%3D%3DJOR
>>>> jw%3D2%3DktESA%40mail.gmail.com
>>>> <https://groups.google.com/d/msgid/graylog2/CAJa2o%3D85b_XKO2sgzBvDJ5YjoBX-o3RFJjZ%3D%3DJORjw%3D2%3DktESA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>>
>>>
>>> --
>>> Developer
>>>
>>> Tel.: +49 (0)40 609 452 077
>>> Fax.: +49 (0)40 609 452 078
>>>
>>> TORCH GmbH - A Graylog Company
>>> Poolstraße 21
>>> 20335 Hamburg
>>> Germany
>>>
>>> https://www.graylog.com <https://www.torch.sh/>
>>>
>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
>>> Geschäftsführer: Lennart Koopmann (CEO)
>>>
>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "Graylog Users" group.
>>> To unsubscribe from this topic, visit https://groups.google.com/d/to
>>> pic/graylog2/QVxdxyLWmww/unsubscribe.
>>> To unsubscribe from this group and all its topics, send an email to
>>> graylog2+u...@googlegroups.com.
>>> To view this discussion on the web visit https://groups.google.com/d/ms
>>> gid/graylog2/CAMqbBbJfWA08j_rVraiJpHOA9cpHM4Gwvk0tyZ9Eu3e0kr
>>> RLiQ%40mail.gmail.com
>>> <https://groups.google.com/d/msgid/graylog2/CAMqbBbJfWA08j_rVraiJpHOA9cpHM4Gwvk0tyZ9Eu3e0krRLiQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Graylog Users" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/graylog2/QVxdxyLWmww/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/graylog2/3f2fa765-99fc-479f-aea8-ce8222706151%40googlegroups.com
> <https://groups.google.com/d/msgid/graylog2/3f2fa765-99fc-479f-aea8-ce8222706151%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/CAJa2o%3D_oOTC%2BQEpDBnuBkzrAQDioKaA1mucwBKVXVyX2bn_TZQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
