[graylog2] /system/metrics/multiple

2016-10-26 Thread John Buchanan
I may be missing something elementary here, but could someone explain the 
formatting/syntax for defining multiple metrics? Pulling individual metrics 
seems easy enough, but I'd like to pull multiple at once. Perhaps I'm missing 
something simple.

I'd like to pull org.graylog2.buffers.input.usage, 
org.graylog2.buffers.process.usage, and org.graylog2.buffers.output.usage 
from each of my nodes so I can ultimately get it into Graylog and 
dashboard or even alert on them.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/9e8fc2e0-2881-4f40-8a09-0f74992f6492%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
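The request body this endpoint expects, together with a parser for the reply, as an added example in Python. It is not part of the post above and not Graylog's own code. It assumes the body format `{"metrics": [...]}` taken by `POST /system/metrics/multiple` on the Graylog 2.x REST API (which listens on port 12900 by default) and the per-metric reply layout (`full_name`, `type`, `metric`) reproduced in the constructed sample; node URL and token are placeholders. The buffer gauges are per node, so each node's own REST API has to be polled. Use an access token bound to a read-only role instead of an admin password, and keep TLS verification on.

```python
import base64
import json
import urllib.request

# The three buffer gauges named in the post; every node exposes them under the same names.
BUFFER_METRICS = [
    "org.graylog2.buffers.input.usage",
    "org.graylog2.buffers.process.usage",
    "org.graylog2.buffers.output.usage",
]


def build_request_body(metric_names):
    """Body for POST /system/metrics/multiple: a JSON object with a "metrics" list."""
    return json.dumps({"metrics": list(metric_names)}).encode("utf-8")


def parse_metrics_response(raw_json):
    """Flatten the reply into {full_name: value}.

    Reply shape assumed here (see the constructed SAMPLE_REPLY below):
    {"total": N, "metrics": [{"full_name": ..., "type": ..., "metric": {...}}, ...]}
    Gauges carry "value" inside "metric", counters carry "count"; anything else is
    passed through untouched so nothing is silently dropped.
    """
    doc = json.loads(raw_json)
    values = {}
    for entry in doc.get("metrics", []):
        body = entry.get("metric", {})
        if "value" in body:
            values[entry["full_name"]] = body["value"]
        elif "count" in body:
            values[entry["full_name"]] = body["count"]
        else:
            values[entry["full_name"]] = body
    return values


def fetch_node_metrics(api_url, token, metric_names=BUFFER_METRICS, timeout=10):
    """Query one node, e.g. api_url="https://node1.example.org:12900/system/metrics/multiple".

    Authenticates with a Graylog access token: the token is the basic-auth user name and
    the literal string "token" is the password. Give the token's user a read-only role;
    the admin password has no business in a polling script. TLS is verified by the
    default urllib context; do not switch that off for a self-signed certificate,
    install the CA on the polling host instead.
    """
    req = urllib.request.Request(api_url, data=build_request_body(metric_names), method="POST")
    req.add_header("Content-Type", "application/json")
    req.add_header("Accept", "application/json")
    cred = base64.b64encode(f"{token}:token".encode("utf-8")).decode("ascii")
    req.add_header("Authorization", "Basic " + cred)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_metrics_response(resp.read().decode("utf-8"))


def collect_all_nodes(node_urls, token, metric_names=BUFFER_METRICS):
    """{node_url: {metric: value}} across the cluster; one failing node does not stop the rest."""
    result = {}
    for url in node_urls:
        try:
            result[url] = fetch_node_metrics(url, token, metric_names)
        except OSError as exc:          # connection refused, timeout, TLS failure, HTTP error
            result[url] = {"error": str(exc)}
    return result


# Constructed sample reply so the parser can be exercised without a live node.
SAMPLE_REPLY = json.dumps({
    "total": 3,
    "metrics": [
        {"full_name": "org.graylog2.buffers.input.usage", "name": "usage",
         "type": "gauge", "metric": {"value": 0}},
        {"full_name": "org.graylog2.buffers.process.usage", "name": "usage",
         "type": "gauge", "metric": {"value": 12}},
        {"full_name": "org.graylog2.buffers.output.usage", "name": "usage",
         "type": "gauge", "metric": {"value": 3}},
    ],
})

if __name__ == "__main__":
    print(build_request_body(BUFFER_METRICS).decode())
    print(parse_metrics_response(SAMPLE_REPLY))
```

The result of `collect_all_nodes` is a plain dict per node, which is the shape you would then forward into Graylog (for instance as a GELF message with the values as custom fields) to dashboard or alert on.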


[graylog2] Re: Graylog 2.1.1 and HTTPS

2016-10-26 Thread Matthew Johnson
Jochen,

Thank you!  I had been looking in the HTTPS section of the Graylog 2.1 
documentation, but the link you provided made the configuration 
ridiculously simple.  Dropped our certs into the nginx/ca directory, ran 
the graylog-ctl enforce-ssl and graylog-ctl restart nginx commands and 
graylog-ctl reconfigure-as-server and all is working perfectly.  

Thanks!!
Matt



On Saturday, October 22, 2016 at 2:58:32 AM UTC-7, Jochen Schalanda wrote:
>
> Hi Matthew,
>
> what did you do exactly and which error messages do you see?
>
> If you're using the OVA (virtual machine images), please follow the 
> instructions at 
> http://docs.graylog.org/en/2.1/pages/configuration/graylog_ctl.html#install-custom-ssl-certificates
>
> Cheers,
> Jochen
>
> On Friday, 21 October 2016 18:59:08 UTC+2, Matthew Johnson wrote:
>>
>> Hello, just upgraded to graylog 2.1.1 (virtual appliances upgraded from 
>> 2.0.3 -> 2.1 -> 2.1.1), and everything is working as expected over HTTP. 
>>  We are attempting to configure HTTPS using an existing certificate and 
>> private key signed by a public CA, but no luck when following the Graylog 
>> 2.1 HTTPS Configuration Documentation. Does anyone have step-by-step 
>> directions to properly configure HTTPS?  Our configuration is one graylog 
>> server node and two graylog data nodes.
>>
>> We also found some separate documentation about modifying the httpd.conf 
>> apache configuration file, but that file does not exist at the expected 
>> location in /etc/apache2 (the apache2 directory does not exist).
>>
>> Thanks in advance!
>>
>>



[graylog2] Multiple Keys with same name

2016-10-26 Thread Joe G
Some logs, e.g. TACACS, return multiple key/value pairs with the same key name. 
One log returned may be similar to the following: 
Username=test 1 AuthorizedGroup="RAS Users" AuthorizedGroup="VPN Users" 
AuthorizedGroup="Router Access"


What is the best way for Graylog to process these types of logs without a 
find-and-replace extractor renaming the first match to something else and 
then creating another to do the second one, and so forth?



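An added example, not from the post and not Graylog's own extractor code, of the alternative the question asks about: parse the key=value line once and collect repeated keys into a list, instead of chaining one find-and-replace extractor per occurrence. It is written in Python (for a pre-processing step in a forwarder, or as a model for the logic) and assumes the line format shown above: keys are word characters, values are either double-quoted or run unquoted up to the next `key=` token, so `Username=test 1` keeps its space. `flatten_for_graylog` turns repeated keys into numbered fields; that naming is a convention chosen here, since a single Graylog message field holds one value.

```python
import re

# key=value tokenizer. A value is either "double quoted" or an unquoted run that
# extends up to the next `key=` token (or end of line), so values may contain spaces.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(.*?))(?=\s+\w+=|$)')


def parse_kv_line(line):
    """Return {key: [values...]}; every key maps to a list so repeats are never lost."""
    fields = {}
    for key, quoted, bare in KV_RE.finditer(line.strip()):
        value = quoted if quoted is not None else bare.strip()
        fields.setdefault(key, []).append(value)
    return fields


def flatten_for_graylog(fields):
    """One value per field name: the first occurrence keeps the key, later ones get _2, _3, ...

    Assumed convention; pick whatever your searches and dashboards expect.
    """
    flat = {}
    for key, values in fields.items():
        for i, value in enumerate(values):
            flat[key if i == 0 else f"{key}_{i + 1}"] = value
    return flat


# Constructed line following the sample in the post.
SAMPLE = ('Username=test 1 AuthorizedGroup="RAS Users" AuthorizedGroup="VPN Users" '
          'AuthorizedGroup="Router Access"')

if __name__ == "__main__":
    parsed = parse_kv_line(SAMPLE)
    print(parsed)
    print(flatten_for_graylog(parsed))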


[graylog2] Pipelines seem to filter messages in default stream not in assigned stream

2016-10-26 Thread Alexander Stautner
Hi!
I'm using the pipeline feature of Graylog and have a behavior which I don't 
understand.

First the description of my Graylog setup

Message Processors Configuration

The following message processors are executed in order. Disabled processors 
will be skipped.
#  Processor             Status
1  Message Filter Chain  active
2  Pipeline Processor    active


I've created two rules. 

Rule 1 looks like
rule "has_test_field"
when 
has_field("test")
then
end

Rule 2 looks like
rule "remove_test_field_if_contains_value"
when
contains(value:to_string($message.test), search:"value")
then
remove_field("test");
end

I've created a pipeline with two stages

Stage 1 contains Rule 1 and stage 2 contains Rule 2

I've assigned the pipeline to stream "Test_stream_1" and have a second 
stream with name "Test_stream_2" with no pipeline attached.

When a message comes in it is routed in "Test_stream_1"  and 
"Test_stream_2".

As I understand pipelines, the message should have the field "test" removed 
when it contains the value "value" and is routed to "Test_stream_1", 
and should still contain the field test when it's routed to "Test_stream_2". 
But the field test is removed in "Test_stream_2" too.

So what do I have to do so that the field test still exists in "Test_stream_2" 
and is removed in "Test_stream_1"?

Thanks for the answer!




[graylog2] Re: time between sending message and its appearance in streams window

2016-10-26 Thread Jochen Schalanda
Hi,

On Wednesday, 26 October 2016 15:14:37 UTC+2, phalogorebrutal wrote:
>
> Hey guys, I have installed graylog2 + elasticsearch + mongo following the 
> instructions on the doc page; now after sending a message to graylog via GELF it 
> appears in the created stream after 1 or 2 minutes. Is that correct or did I miss 
> some options?
>

This depends on a lot of things, especially on the timestamp field inside 
the GELF message. Check that these are correct first.

Cheers,
Jochen



[graylog2] Re: use logstash + gelf to send logs to graylog

2016-10-26 Thread Benbrahim Anass
I don't think so,
I just started using it, so...

cheers
anas

On Wednesday, 26 October 2016 14:37:44 UTC+2, GambitK wrote:
>
> Wasn't there an update for logstash-gelf that added TCP? I think I saw it 
> recently in the Graylog twitter.
>
> On Wednesday, 26 October 2016, 3:46:30 (UTC-4), Benbrahim Anass 
> wrote:
>>
>> Problem fixed, apparently logstash/gelf only works with UDP.
>> It would be nice if they mentioned that somewhere.
>>
>> cheers 
>> Anas
>>
>> On Tuesday, 25 October 2016 13:19:51 UTC+2, Benbrahim Anass wrote:
>>>
>>> I'm wondering if it is possible to send logs via logstash/gelf to 
>>> Graylog2; if it is, I'm going to need an example of a logstash output via GELF.
>>>
>>> Thanks 
>>> cheers 
>>> anas
>>>
>>



[graylog2] time between sending message and its appearance in streams window

2016-10-26 Thread phalogorebrutal
Hey guys, I have installed graylog2 + elasticsearch + mongo following the 
instructions on the doc page; now after sending a message to graylog via GELF it 
appears in the created stream after 1 or 2 minutes. Is that correct or did I miss 
some options?



[graylog2] Re: Virtual Appliance - Elasticsearch cluster unavailable

2016-10-26 Thread Jochen Schalanda
Hi,

all dependencies of Graylog (such as Elasticsearch and MongoDB) can run 
inside the same virtual machine, but don't have to.

How did you configure your virtual machine and are there any error messages 
in the logs?
http://docs.graylog.org/en/2.1/pages/configuration/file_location.html#omnibus-package

Cheers,
Jochen

On Wednesday, 26 October 2016 14:53:56 UTC+2, Sunfield wrote:
>
> I just installed Graylog as a Hyper-V server from the OVA Virtual Appliance.
> The Ubuntu starts up and I'm able to log into the Graylog web interface.
> I have started sending syslog messages into it (and they seem to be 
> entering the system).
>
> But I get: "Elasticsearch cluster unavailable"
>
> So, do I need to install a separate Hyper-V instance with Elasticsearch or 
> is Elasticsearch included on the OVA image somewhere?
>
>
>



[graylog2] Re: use logstash + gelf to send logs to graylog

2016-10-26 Thread Jochen Schalanda
Hi,

On Wednesday, 26 October 2016 14:37:44 UTC+2, GambitK wrote:
>
> Wasn't there an update for logstas-gelf that added TCP? I think I saw it 
> recently in the Graylog twitter.
>

https://github.com/logstash-plugins/logstash-output-gelf/issues/1

Cheers,
Jochen 



Re: [graylog2] Re: Elasticsearch upgrade to 5.0, migraton helper plugin - red node settings meaning

2016-10-26 Thread Jochen Schalanda
Hi Florent,

On Wednesday, 26 October 2016 14:23:10 UTC+2, Florent B wrote:
>
> Are you sure Graylog 2.1.1 supports Elasticsearch 2.4.1? 
>

Yes.

Cheers,
Jochen



[graylog2] Virtual Appliance - Elasticsearch cluster unavailable

2016-10-26 Thread Sunfield
I just installed Graylog as a Hyper-V server from the OVA Virtual Appliance.
The Ubuntu starts up and I'm able to log into the Graylog web interface.
I have started sending syslog messages into it (and they seem to be 
entering the system).

But I get: "Elasticsearch cluster unavailable"

So, do I need to install a separate Hyper-V instance with Elasticsearch or 
is Elasticsearch included on the OVA image somewhere?




[graylog2] Re: use logstash + gelf to send logs to graylog

2016-10-26 Thread GambitK
Wasn't there an update for logstash-gelf that added TCP? I think I saw it 
recently in the Graylog twitter.

On Wednesday, 26 October 2016, 3:46:30 (UTC-4), Benbrahim Anass 
wrote:
>
> Problem fixed, apparently logstash/gelf only works with UDP.
> It would be nice if they mentioned that somewhere.
>
> cheers 
> Anas
>
> On Tuesday, 25 October 2016 13:19:51 UTC+2, Benbrahim Anass wrote:
>>
>> I'm wondering if it is possible to send logs via logstash/gelf to 
>> Graylog2; if it is, I'm going to need an example of a logstash output via GELF.
>>
>> Thanks 
>> cheers 
>> anas
>>
>



[graylog2] Re: Error: There was no master Graylog server node detected in the cluster.

2016-10-26 Thread Ľubo
Hi,
do you have any experience with this error?
thanks

On Thursday, 20 October 2016 12:25:29 UTC+2, Ľubo wrote:
>
> Hi all,
>
> We have two nodes in Graylog cluster 2.1.0.
>
> There is an error: There was no master Graylog server node detected in the 
> cluster.
>
> This error occurs every 10 seconds: there is no notification (green) and then 
> this error; see system messages.
>
>  
>
> "Certain operations of Graylog server require the presence of a master 
> node, but no such master was started. Please ensure that one of your 
> Graylog server nodes contains the setting is_master = true in its 
> configuration and that it is running. Until this is resolved index cycling 
> will not be able to run, which means that the index retention mechanism is 
> also not running, leading to increased index sizes. Certain maintenance 
> functions as well as a variety of web interface pages (e.g. Dashboards) are 
> unavailable.
>
> "
>
> Could you give me advice how to solve this error?
>
>  
>
> discovery.zen.minimum_master_nodes: 2
>
> gateway.recover_after_nodes: 1
>
> Elasticsearch cluster - green
>
>  
>
> NTP enabled: yes
>
> NTP synchronized: yes
>
> cat /etc/graylog/server/server.conf
>
> One node has is_master = true, the second node has is_master = false
>
>  
>
>  
>
> System messages:
>
> Timestamp                  Node                    Message
> 2016-10-20T12:21:27+02:00  7e58c1ec / hostname001  Notification condition [NO_MASTER] has been fixed.
> 2016-10-20T12:21:13+02:00  7e58c1ec / hostname001  Notification condition [NO_MASTER] has been fixed.
> 2016-10-20T12:21:10+02:00  7e58c1ec / hostname001  Notification condition [NO_MASTER] has been fixed.
> 2016-10-20T12:21:00+02:00  7e58c1ec / hostname001  Notification condition [NO_MASTER] has been fixed.
> 2016-10-20T12:20:47+02:00  7e58c1ec / hostname001  Notification condition [NO_MASTER] has been fixed.
> 2016-10-20T12:20:40+02:00  7e58c1ec / hostname001  Notification condition [NO_MASTER] has been fixed.
> 2016-10-20T12:20:36+02:00  7e58c1ec / hostname001  Notification condition [NO_MASTER] has been fixed.
> 2016-10-20T12:20:33+02:00  7e58c1ec / hostname001  Notification condition [NO_MASTER] has been fixed.
> 2016-10-20T12:20:23+02:00  7e58c1ec / hostname001  Notification condition [NO_MASTER] has been fixed.
> 2016-10-20T12:20:19+02:00  7e58c1ec / hostname001  Notification condition [NO_MASTER] has been fixed.
> 2016-10-20T12:20:14+02:00  7e58c1ec / hostname001  Notification condition [NO_MASTER] has been fixed.
> 2016-10-20T12:20:10+02:00  7e58c1ec / hostname001  Notification condition [NO_MASTER] has been fixed.
>



[graylog2] Re: use logstash + gelf to send logs to graylog

2016-10-26 Thread Benbrahim Anass
Problem fixed, apparently logstash/gelf only works with UDP.
It would be nice if they mentioned that somewhere.

cheers 
Anas

On Tuesday, 25 October 2016 13:19:51 UTC+2, Benbrahim Anass wrote:
>
> I'm wondering if it is possible to send logs via logstash/gelf to 
> Graylog2; if it is, I'm going to need an example of a logstash output via GELF.
>
> Thanks 
> cheers 
> anas
>

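The logstash gelf output, as this thread found, sends GELF over UDP, and Jochen's reply in the "time between sending message and its appearance" thread above names the `timestamp` field as the first thing to check when messages show up late. The following is an added example, written in Python rather than Logstash configuration and not part of this thread or of either project, of what such a sender has to put on the wire: a GELF 1.1 document with a numeric Unix-epoch `timestamp` in seconds, gzip-compressed, and split into chunks carrying the GELF chunk header when it does not fit in one datagram. The chunk payload size (1400 bytes, to stay under a 1500-byte MTU), the default level, and the host and port are assumptions; `reassemble` and `roundtrip` exist only so the chunking can be checked locally without a Graylog node.

```python
import gzip
import json
import os
import socket
import time

GELF_MAGIC = b"\x1e\x0f"   # chunk header magic bytes from the GELF spec
MAX_CHUNKS = 128           # spec limit; the server discards messages with more chunks


def build_gelf(short_message, host, level=6, timestamp=None, **extra):
    """Serialise a GELF 1.1 document.

    `timestamp` is seconds since the Unix epoch as a float (fractions allowed).
    Graylog files the message under this value, so a sender with a skewed clock,
    or one that passes milliseconds instead of seconds, makes messages turn up
    in streams and searches at the wrong time. `level` defaults to 6 (informational).
    """
    doc = {
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        "timestamp": time.time() if timestamp is None else float(timestamp),
        "level": level,
    }
    for key, value in extra.items():
        if key == "id":
            raise ValueError("_id is reserved by the GELF spec and rejected by the server")
        doc["_" + key] = value     # additional fields must carry a leading underscore
    return json.dumps(doc).encode("utf-8")


def chunk(payload, chunk_size=1400):
    """Split a (compressed) payload into GELF UDP datagrams.

    Each chunk is: magic (2) | message id (8) | sequence number (1) | sequence count (1) | data.
    A payload that fits in one datagram is sent bare, without a chunk header.
    """
    pieces = [payload[i:i + chunk_size] for i in range(0, len(payload), chunk_size)]
    if len(pieces) <= 1:
        return pieces
    if len(pieces) > MAX_CHUNKS:
        raise ValueError(f"{len(pieces)} chunks exceed the GELF limit of {MAX_CHUNKS}")
    message_id = os.urandom(8)     # unique per message; every chunk of it carries the same id
    return [GELF_MAGIC + message_id + bytes([seq, len(pieces)]) + piece
            for seq, piece in enumerate(pieces)]


def reassemble(datagrams):
    """Inverse of chunk(): rebuild the payload from chunks arriving in any order."""
    if not datagrams:
        raise ValueError("no datagrams")
    if len(datagrams) == 1 and not datagrams[0].startswith(GELF_MAGIC):
        return datagrams[0]
    parts, ids, total = {}, set(), 0
    for d in datagrams:
        if d[:2] != GELF_MAGIC:
            raise ValueError("datagram is not a GELF chunk")
        ids.add(d[2:10])
        seq, total = d[10], d[11]
        parts[seq] = d[12:]
    if len(ids) != 1 or sorted(parts) != list(range(total)):
        raise ValueError("chunks of different messages mixed, or chunks missing")
    return b"".join(parts[i] for i in range(total))


def send_gelf_udp(gelf_bytes, host="graylog.example.org", port=12201):
    """Compress, chunk and send to a Graylog GELF UDP input (host and port are assumptions)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for datagram in chunk(gzip.compress(gelf_bytes)):
            sock.sendto(datagram, (host, port))
    finally:
        sock.close()


def roundtrip(gelf_bytes, chunk_size=1400):
    """Compress, chunk, reassemble and decode locally; returns (document, datagram count)."""
    datagrams = chunk(gzip.compress(gelf_bytes), chunk_size)
    return json.loads(gzip.decompress(reassemble(datagrams)).decode("utf-8")), len(datagrams)


# Constructed sample field, random so gzip cannot shrink it below one datagram.
SAMPLE_BLOB = os.urandom(6000).hex()

if __name__ == "__main__":
    small = build_gelf("login failed", "gw01", level=4, timestamp=1477490400.0, user="test")
    big = build_gelf("audit export", "gw01", blob=SAMPLE_BLOB)
    print(roundtrip(small))         # one bare datagram
    print(roundtrip(big)[1])        # several chunked datagrams
```

UDP gives no delivery or integrity guarantee: a lost chunk silently loses the whole message on the server side, and nothing authenticates the sender, so restrict the input to trusted source networks and watch the input's dropped-message metrics.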