[graylog2] View Dashboard Data

2017-02-03 Thread Sridhar
Hi,

I have created a dashboard with a pie chart, count and statistics. My question 
is: if I click on a bar in the histogram, will it show me, in a pop-up 
or some other way, the logging messages associated with that bar?

Please help me.

Thanks,
Sridhar

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/73db5fff-fc3d-469d-8738-e4f3f6250bdf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Re: Quick Values not working

2017-02-03 Thread Bill Murrin
Hi Steve,

I changed the field name to something else (rcode). I am shipping my logs 
via GELF from a logstash processing instance so I edited my logstash config 
file to parse it as a different field name.

-Bill

On Friday, February 3, 2017 at 10:28:08 AM UTC-10, Steve Kuntz wrote:
>
> What did you change in the name to make it work?
>
> On Friday, February 3, 2017 at 12:39:56 PM UTC-5, Bill Murrin wrote:
>>
>> I also started receiving errors for Quick Values on a field named 
>> "status_code"; I only noticed it after the upgrade to 2.1.3. I changed the 
>> name to something else and everything started working again. I am 
>> converting this field to an integer and was doing a search on if the field 
>> value was greater than 0.
>>
>> -Bill
>>
>> On Friday, February 3, 2017 at 5:08:14 AM UTC-10, Steve Kuntz wrote:
>>>
>>> I'm having a new issue getting quick values since I modified some 
>>> fields. This is just to get the HTTP status codes but there is some issue. 
>>> All values are being converted to numeric but I'm getting an error. I've 
>>> attached the error and the stats to show what the data is.
>>>
>>



[graylog2] Re: Monitoring Windows DHCP Server Activity

2017-02-03 Thread Rob Repp
Okay, in order:

1. I'm using the OVA VM image from Graylog, so most of the configuration is 
already done. All I did was add a Connector with one nxlog input and one 
nxlog output, and then the GELF UDP input that the WinDHCP json created.

The WinDHCP input is configured like this:

WinDHCPLogs-gelf GELF UDP RUNNING
On node 771f3128 / graylog

   - bind_address: 0.0.0.0
   - decompress_size_limit: 8388608
   - override_source: **
   - port: 5441
   - recv_buffer_size: 1048576
   

2. The nxlog.conf file is:

define ROOT C:\Program Files (x86)\nxlog


  Module xm_gelf


Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO


Module  xm_fileop

When @daily
Exec file_cycle('%ROOT%\data\nxlog.log', 7);
 



Module im_file
File 'C:\Windows\System32\dhcp\DhcpSrvLog-*.log'
PollInterval 1
SavePos True
ReadFromLast True
Recursive False
RenameCheck True
Exec $FileName = file_name(); # Send file name with each message



Module om_udp
Host re.da.ct.ed
Port 5441
OutputType  GELF
Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
Exec $gl2_source_collector = '9960a8cd-7abe-4021-939f-89b22909aa32';
Exec $Hostname = hostname_fqdn();



  Path 588bc33f682c990374bab049 => 588bc2db682c990374baafe0


3. collector_sidecar.yml is this:

server_url: http://re.da.ct.ed:9000/api 
update_interval: 10
tls_skip_verify: false
send_status: true
list_log_files:
node_id: NS1
collector_id: file:C:\Program Files\graylog\collector-sidecar\collector-id
cache_path: C:\Program Files\graylog\collector-sidecar\cache
log_path: C:\Program Files\graylog\collector-sidecar\logs
log_rotation_time: 86400
log_max_age: 604800
tags: dhcp
backends:
- name: nxlog
  enabled: true
  binary_path: C:\Program Files (x86)\nxlog\nxlog.exe
  configuration_path: C:\Program Files\graylog\collector-sidecar\generated\nxlog.conf
- name: winlogbeat
  enabled: false
  binary_path: C:\Program Files\graylog\collector-sidecar\winlogbeat.exe
  configuration_path: C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml
- name: filebeat
  enabled: false
  binary_path: C:\Program Files\graylog\collector-sidecar\filebeat.exe
  configuration_path: C:\Program Files\graylog\collector-sidecar\generated\filebeat.yml





On Friday, February 3, 2017 at 3:21:21 AM UTC-6, Jochen Schalanda wrote:
>
> Hi Rob,
>
> How did you configure Graylog? Which inputs did you create and how did you 
> configure them?
> How did you configure the Graylog Collector Sidecar and what's the 
> generated nxlog configuration?
>
> Cheers,
> Jochen
>
> On Thursday, 2 February 2017 23:30:20 UTC+1, Rob Repp wrote:
>>
>> I set up a Graylog 2.1.2 server by deploying the downloadable OVA from 
>> graylog.org. I'm trying to monitor a Windows 2008 R2 server with the 
>> DHCP role installed. The DHCP server deposits activity data into log files 
>> at C:\Windows\System32\dhcp\DhcpSrvLog-*.log. I have collector-sidecar and 
>> nxlog installed on the Windows machine, and configured to send the log data 
>> back to a collector input on the Graylog server.
>>
>> My configuration is based on the WindowsDHCP content pack available in 
>> the Graylog marketplace. I imported the content pack json, 
>> configured collector-sidecar on Windows and the Graylog collector starting 
>> from the sample code at https://github.com/JulioQc/WinDHCP. 
>> Unfortunately, when I do "show messages" for the collector, there's nothing 
>> coming in.
>>
>> Has anyone had any success with this configuration? If not, is there a 
>> better method for monitoring Windows DHCP activity with Graylog? Thanks!
>>
>


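One way to check the GELF UDP input from the thread above without nxlog or the sidecar in the path, as an added example that is not part of the original posts: it parses DHCP audit log rows, skips the banner and header lines, and builds GELF 1.1 datagrams for port 5441. The column order, the sample rows, the host and file names, the 8192-byte limit and the _dhcp_* field names are assumptions constructed for illustration.

```python
import csv
import gzip
import json
import socket
import sys
from datetime import datetime, timezone

# Assumed column order of DhcpSrvLog-*.log data rows (first seven columns).
DHCP_COLUMNS = ["event_id", "date", "time", "description",
                "ip_address", "host_name", "mac_address"]
MAX_DATAGRAM = 8192  # assumed upper bound for one unchunked GELF datagram

# Constructed sample: banner and header lines followed by two data rows.
SAMPLE_LOG = """\t\tMicrosoft DHCP Service Activity Log
00\tThe log was started.
ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name
10,02/03/17,10:15:32,Assign,192.0.2.50,ws01.example.test,001122334455,
11,02/03/17,10:16:01,Renew,192.0.2.51,ws02.example.test,00AABBCCDDEE,
"""


def parse_dhcp_line(line, tz=timezone.utc):
    """Return a dict for a data row, or None for banner, header or blank lines."""
    line = line.strip()
    row = next(csv.reader([line]), [])
    if len(row) < len(DHCP_COLUMNS):
        return None
    rec = dict(zip(DHCP_COLUMNS, (col.strip() for col in row)))
    try:
        rec["event_id"] = int(rec["event_id"])
        when = datetime.strptime(f'{rec["date"]} {rec["time"]}', "%m/%d/%y %H:%M:%S")
    except ValueError:
        return None  # e.g. the "ID,Date,Time,..." header row
    # The log carries the server's local time; tz is the caller's assumption.
    rec["timestamp"] = when.replace(tzinfo=tz).timestamp()
    rec["raw"] = line
    return rec


def to_gelf(rec, host, file_name):
    """Map a parsed row to a GELF 1.1 message; additional fields start with '_'."""
    return {
        "version": "1.1",
        "host": host,
        "short_message": rec["raw"],  # whole line, like $short_message = $raw_event
        "timestamp": rec["timestamp"],
        "level": 6,                   # syslog "informational"
        "_FileName": file_name,       # mirrors $FileName set in the nxlog input
        "_dhcp_event_id": rec["event_id"],
        "_dhcp_description": rec["description"],
        "_dhcp_ip": rec["ip_address"],
        "_dhcp_host_name": rec["host_name"],
        "_dhcp_mac": rec["mac_address"],
    }


def encode_gelf(msg, compress=True):
    """Serialize one message; GELF UDP accepts gzip, zlib or uncompressed JSON."""
    data = json.dumps(msg, separators=(",", ":")).encode("utf-8")
    if compress:
        data = gzip.compress(data)
    if len(data) > MAX_DATAGRAM:
        raise ValueError("message needs GELF chunking, which this example omits")
    return data


def build_datagrams(log_text, host, file_name):
    """Turn every parsable row of a log into one encoded GELF datagram."""
    out = []
    for line in log_text.splitlines():
        rec = parse_dhcp_line(line)
        if rec is not None:
            out.append(encode_gelf(to_gelf(rec, host, file_name)))
    return out


def send_datagrams(datagrams, server, port=5441):
    """Send each datagram over UDP; returns how many were handed to the socket."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sum(1 for d in datagrams if sock.sendto(d, (server, port)) == len(d))


if __name__ == "__main__":
    grams = build_datagrams(SAMPLE_LOG, "dhcp01.example.test", "DhcpSrvLog-Fri.log")
    for g in grams:
        print(json.loads(gzip.decompress(g)))
    if len(sys.argv) > 1:  # pass the Graylog host to actually send
        print("sent", send_datagrams(grams, sys.argv[1]), "datagrams to UDP/5441")
```

If these test messages show up under "show messages" for the input while the nxlog-fed ones do not, the input and network path are fine and the gap is on the collector side.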

[graylog2] Re: Quick Values not working

2017-02-03 Thread Steve Kuntz
What did you change in the name to make it work?

On Friday, February 3, 2017 at 12:39:56 PM UTC-5, Bill Murrin wrote:
>
> I also started receiving errors for Quick Values on a field named 
> "status_code"; I only noticed it after the upgrade to 2.1.3. I changed the 
> name to something else and everything started working again. I am 
> converting this field to an integer and was doing a search on if the field 
> value was greater than 0.
>
> -Bill
>
> On Friday, February 3, 2017 at 5:08:14 AM UTC-10, Steve Kuntz wrote:
>>
>> I'm having a new issue getting quick values since I modified some fields. 
>> This is just to get the HTTP status codes but there is some issue. All 
>> values are being converted to numeric but I'm getting an error. I've 
>> attached the error and the stats to show what the data is.
>>
>



Re: [graylog2] Graylog build and package

2017-02-03 Thread Rayees Namathponnan
I tried to create the RPM with > mvn rpm:rpm -X but the build failed with the error below.


I am not seeing any spec file, and there are no instructions to create the RPM in the main 
POM.xml. Could someone please help me understand how the RPM works here?





[INFO] Reactor Summary:
[INFO]
[INFO] Graylog Parent POM . FAILURE [  0.338 s]
[INFO] Graylog Project Parent POM . SKIPPED
[INFO] AutoValue JavaBean extension ... SKIPPED
[INFO] Graylog  SKIPPED
[INFO] integration-tests .. SKIPPED
[INFO] Graylog Plugin Parent POM .. SKIPPED
[INFO] Graylog Plugin with Web support Parent POM . SKIPPED
[INFO] graylog-plugin-archetype ... SKIPPED
[INFO] 
[INFO] BUILD FAILURE
[INFO] 
[INFO] Total time: 1.363 s
[INFO] Finished at: 2017-02-03T11:43:40-08:00
[INFO] Final Memory: 19M/212M
[INFO] 
[ERROR] Failed to execute goal org.codehaus.mojo:rpm-maven-plugin:2.1.5:rpm (default-cli) on project graylog-parent: The parameters 'group' for goal org.codehaus.mojo:rpm-maven-plugin:2.1.5:rpm are missing or invalid -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.codehaus.mojo:rpm-maven-plugin:2.1.5:rpm (default-cli) on project graylog-parent: The parameters 'group' for goal org.codehaus.mojo:rpm-maven-plugin:2.1.5:rpm are missing or invalid
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: org.apache.maven.plugin.PluginParameterException: The parameters 'group' for goal org.codehaus.mojo:rpm-maven-plugin:2.1.5:rpm are missing or invalid
at org.apache.maven.plugin.internal.DefaultMavenPluginManager.populatePluginFields(DefaultMavenPluginManager.java:641)
at org.apache.maven.plugin.internal.DefaultMavenPluginManager.getConfiguredMojo(DefaultMavenPluginManager.java:594)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:121)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)
... 20 more



> On Jan 31, 2017, at 8:40 PM, Rayees Namathponnan wrote:
> 
> Thanks Bill, Will try this
> 
> 
> 
>> On Jan 31, 2017, at 8:38 PM, Bill Murrin wrote:
>> 
>> In the Getting Started section of the README on 
>> https://github.com/Graylog2/graylog-plugin-map-widget, it says the 
>> following:
>> 
>> Getting started
>> 
>> This project is using Maven 3 and requires Java 7 or higher.
>> 
>> 1. Clone this repository.
>> 2. Run mvn package to build a JAR file.
>> 3. Optional: Run mvn jdeb:jdeb and mvn rpm:rpm to create a DEB and RPM package respectively.
>> 4. Copy generated JAR file in target directory to your Graylog plugin directory.
>> 5. Restart the Graylog.
>> 
>> Hope that is 

[graylog2] Re: Problem Graylog upgrade from 2.1.2 to 2.1.3 - API

2017-02-03 Thread CESAR Fabre
Hummm,


Maybe, that's the problem!


Thank you Jochen.




On Friday, February 3, 2017 at 4:18:55 PM UTC-2, Jochen Schalanda wrote:
>
> Hi César,
>
> make sure to use only plugins in a compatible version.
>
> For example the Threat Intelligence Plugin for Graylog is currently not 
> compatible with Graylog 2.1.3.
>
> Cheers,
> Jochen
>
> On Friday, 3 February 2017 18:08:43 UTC+1, CESAR Fabre wrote:
>>
>> Hi,
>>
>> I'm trying the upgrade from 2.1.2 to 2.1.3 on CentOS 7 but I had some 
>> problems. Follows the popup that appears frequently after upgrade.
>>
>> Server currently unavailable
>> We are experiencing problems connecting to the Graylog server running on 
>> http://192.168.10.5:9000/api. Please verify that the server is healthy 
>> and working correctly.
>>
>>
>> PS: Graylog 2.1.2 is working very well. 
>>
>> My scenario is this:
>>
>> graylog-server-2.1.2-1.noarch
>>
>> elasticsearch-2.4.4-1.noarch
>>
>> mongodb-org-server-3.2.11-1.el7.x86_64
>>
>>
>> I have some plugins as well:
>>
>> graylog-plugin-beats-1.1.3.jar
>>
>> graylog-plugin-collector-1.1.2.jar
>>
>> graylog-plugin-enterprise-integration-1.1.2.jar
>>
>> graylog-plugin-input-cef-1.1.1.jar
>>
>> graylog-plugin-map-widget-1.1.2.jar
>>
>> graylog-plugin-pipeline-processor-1.1.2.jar
>>
>> graylog-plugin-threatintel-0.9.0.jar
>>
>> usage-statistics-2.1.2.jar
>>
>>
>> Can you help me?
>>
>>
>> Thank you so much!!!
>>
>> César
>>
>>
>>
>>



[graylog2] Re: Quick Values not working

2017-02-03 Thread Steve Kuntz
Unfortunately not, it's the only log message that shows when trying to do a 
quick value on the field.



[graylog2] Re: Problem Graylog upgrade from 2.1.2 to 2.1.3 - API

2017-02-03 Thread Jochen Schalanda
Hi César,

make sure to use only plugins in a compatible version.

For example the Threat Intelligence Plugin for Graylog is currently not 
compatible with Graylog 2.1.3.

Cheers,
Jochen

On Friday, 3 February 2017 18:08:43 UTC+1, CESAR Fabre wrote:
>
> Hi,
>
> I'm trying the upgrade from 2.1.2 to 2.1.3 on CentOS 7 but I had some 
> problems. Follows the popup that appears frequently after upgrade.
>
> Server currently unavailable
> We are experiencing problems connecting to the Graylog server running on 
> http://192.168.10.5:9000/api. Please verify that the server is healthy 
> and working correctly.
>
>
> PS: Graylog 2.1.2 is working very well. 
>
> My scenario is this:
>
> graylog-server-2.1.2-1.noarch
>
> elasticsearch-2.4.4-1.noarch
>
> mongodb-org-server-3.2.11-1.el7.x86_64
>
>
> I have some plugins as well:
>
> graylog-plugin-beats-1.1.3.jar
>
> graylog-plugin-collector-1.1.2.jar
>
> graylog-plugin-enterprise-integration-1.1.2.jar
>
> graylog-plugin-input-cef-1.1.1.jar
>
> graylog-plugin-map-widget-1.1.2.jar
>
> graylog-plugin-pipeline-processor-1.1.2.jar
>
> graylog-plugin-threatintel-0.9.0.jar
>
> usage-statistics-2.1.2.jar
>
>
> Can you help me?
>
>
> Thank you so much!!!
>
> César
>
>
>
>



[graylog2] Re: Quick Values not working

2017-02-03 Thread Jochen Schalanda
Hi Steve,

On Friday, 3 February 2017 18:05:26 UTC+1, Steve Kuntz wrote:
>
> There is an error in the graylog.log
>
> WARN  [SearchResource] Unable to execute search: [reduce]  
>

Is there more context around that warning message?

Cheers,
Jochen 



[graylog2] Re: Quick Values not working

2017-02-03 Thread Steve Kuntz
Same here but I wasn't sure it was related to the update.



[graylog2] Re: Quick Values not working

2017-02-03 Thread Bill Murrin
I also started receiving errors for Quick Values on a field named 
"status_code"; I only noticed it after the upgrade to 2.1.3. I changed the 
name to something else and everything started working again. I am 
converting this field to an integer and was doing a search on if the field 
value was greater than 0.

-Bill

On Friday, February 3, 2017 at 5:08:14 AM UTC-10, Steve Kuntz wrote:
>
> I'm having a new issue getting quick values since I modified some fields. 
> This is just to get the HTTP status codes but there is some issue. All 
> values are being converted to numeric but I'm getting an error. I've 
> attached the error and the stats to show what the data is.
>



[graylog2] Problem Graylog upgrade from 2.1.2 to 2.1.3 - API

2017-02-03 Thread CESAR Fabre
Hi,

I'm trying the upgrade from 2.1.2 to 2.1.3 on CentOS 7 but I had some 
problems. Follows the popup that appears frequently after upgrade.

Server currently unavailable
We are experiencing problems connecting to the Graylog server running on 
http://192.168.10.5:9000/api. Please verify that the server is healthy and 
working correctly.


PS: Graylog 2.1.2 is working very well. 

My scenario is this:

graylog-server-2.1.2-1.noarch

elasticsearch-2.4.4-1.noarch

mongodb-org-server-3.2.11-1.el7.x86_64


I have some plugins as well:

graylog-plugin-beats-1.1.3.jar

graylog-plugin-collector-1.1.2.jar

graylog-plugin-enterprise-integration-1.1.2.jar

graylog-plugin-input-cef-1.1.1.jar

graylog-plugin-map-widget-1.1.2.jar

graylog-plugin-pipeline-processor-1.1.2.jar

graylog-plugin-threatintel-0.9.0.jar

usage-statistics-2.1.2.jar


Can you help me?


Thank you so much!!!

César





[graylog2] Re: Quick Values not working

2017-02-03 Thread Steve Kuntz
There is an error in the graylog.log

WARN  [SearchResource] Unable to execute search: [reduce]  

Any and all help is appreciated.

On Friday, February 3, 2017 at 11:59:34 AM UTC-5, Steve Kuntz wrote:
>
> Also Field Statistics and Generate Chart work on this same data set as 
> well and I think they require Numeric values as well. 
>
> On Friday, February 3, 2017 at 11:44:44 AM UTC-5, Steve Kuntz wrote:
>>
>> As a test my search is 
>>
>> _exists_:http_response_code AND http_response_code:[200 TO 503]
>>
>> And I'm still getting the same error.
>>
>> On Friday, February 3, 2017 at 10:53:04 AM UTC-5, Jochen Schalanda wrote:
>>>
>>> Hi Steve,
>>>
>>> the "quick values" functionality only works if the field is numeric in 
>>> all messages of the queried time range. If there are some non-numeric 
>>> values for that message field within the queried time range, you'll receive 
>>> the error message you've already mentioned.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Friday, 3 February 2017 16:08:14 UTC+1, Steve Kuntz wrote:
>>>>
>>>> I'm having a new issue getting quick values since I modified some 
>>>> fields. This is just to get the HTTP status codes but there is some issue. 
>>>> All values are being converted to numeric but I'm getting an error. I've 
>>>> attached the error and the stats to show what the data is.
>>>>
>>>



[graylog2] Re: Quick Values not working

2017-02-03 Thread Steve Kuntz
As a test my search is 

_exists_:http_response_code AND http_response_code:[200 TO 503]

And I'm still getting the same error.

On Friday, February 3, 2017 at 10:53:04 AM UTC-5, Jochen Schalanda wrote:
>
> Hi Steve,
>
> the "quick values" functionality only works if the field is numeric in all 
> messages of the queried time range. If there are some non-numeric values 
> for that message field within the queried time range, you'll receive the 
> error message you've already mentioned.
>
> Cheers,
> Jochen
>
> On Friday, 3 February 2017 16:08:14 UTC+1, Steve Kuntz wrote:
>>
>> I'm having a new issue getting quick values since I modified some fields. 
>> This is just to get the HTTP status codes but there is some issue. All 
>> values are being converted to numeric but I'm getting an error. I've 
>> attached the error and the stats to show what the data is.
>>
>



[graylog2] Re: Quick Values not working

2017-02-03 Thread Jochen Schalanda
Hi Steve,

the "quick values" functionality only works if the field is numeric in all 
messages of the queried time range. If there are some non-numeric values 
for that message field within the queried time range, you'll receive the 
error message you've already mentioned.

Cheers,
Jochen

On Friday, 3 February 2017 16:08:14 UTC+1, Steve Kuntz wrote:
>
> I'm having a new issue getting quick values since I modified some fields. 
> This is just to get the HTTP status codes but there is some issue. All 
> values are being converted to numeric but I'm getting an error. I've 
> attached the error and the stats to show what the data is.
>



Re: [graylog2] Re: Indices and edit Extractor page timing out

2017-02-03 Thread Steve Kuntz
Currently each index is ~10-15G and spans ~10-15 minutes; doing this would
make my indices huge and I'm guessing slower to search.

On Fri, Feb 3, 2017 at 10:51 AM, Jochen Schalanda wrote:

> Hi Steve,
>
> On Friday, 3 February 2017 16:03:04 UTC+1, Steve Kuntz wrote:
>>
>> Thanks, I guess I'll wait until 2.2. I need 2 weeks of archive and my
>> settings are keeping about 2100 indices @20,000,000 messages per index,
>> which is about 2 weeks for me.
>>
>
> Have you thought about using a time-based rotation/retention policy for
> your Graylog setup, e. g. 1 index every few hours?
>
> Cheers,
> Jochen
>



-- 
~Steve



[graylog2] Re: Indices and edit Extractor page timing out

2017-02-03 Thread Steve Kuntz
Currently each index is ~10-15G and spans ~10-15 minutes; doing this would 
make my indices huge and I'm guessing slower to search.

On Friday, February 3, 2017 at 10:51:25 AM UTC-5, Jochen Schalanda wrote:
>
> Hi Steve,
>
> On Friday, 3 February 2017 16:03:04 UTC+1, Steve Kuntz wrote:
>>
>> Thanks, I guess I'll wait until 2.2. I need 2 weeks of archive and my 
>> settings are keeping about 2100 indices @20,000,000 messages per index, 
>> which is about 2 weeks for me. 
>>
>
> Have you thought about using a time-based rotation/retention policy for 
> your Graylog setup, e. g. 1 index every few hours?
>
> Cheers,
> Jochen
>



[graylog2] Re: Indices and edit Extractor page timing out

2017-02-03 Thread Jochen Schalanda
Hi Steve,

On Friday, 3 February 2017 16:03:04 UTC+1, Steve Kuntz wrote:
>
> Thanks, I guess I'll wait until 2.2. I need 2 weeks of archive and my 
> settings are keeping about 2100 indices @20,000,000 messages per index, 
> which is about 2 weeks for me. 
>

Have you thought about using a time-based rotation/retention policy for 
your Graylog setup, e. g. 1 index every few hours?

Cheers,
Jochen



[graylog2] Quick Values not working

2017-02-03 Thread Steve Kuntz
I'm having a new issue getting quick values since I modified some fields. 
This is just to get the HTTP status codes but there is some issue. All 
values are being converted to numeric but I'm getting an error. I've 
attached the error and the stats to show what the data is.



[graylog2] Re: Indices and edit Extractor page timing out

2017-02-03 Thread Steve Kuntz
Thanks, I guess I'll wait until 2.2. I need 2 weeks of archive and my 
settings are keeping about 2100 indices @20,000,000 messages per index, 
which is about 2 weeks for me. 

On Friday, February 3, 2017 at 4:14:11 AM UTC-5, Jochen Schalanda wrote:
>
> Hi Steve,
>
> the issue with the extractor page might have been fixed in Graylog 2.2.0, 
> see https://github.com/Graylog2/graylog2-server/issues/3366 for the 
> related GitHub issue.
>
> Cheers,
> Jochen
>
> On Thursday, 2 February 2017 21:56:32 UTC+1, Steve Kuntz wrote:
>>
>> Hi
>>
>> This is still a big issue for me. Is there anything I can do? Is there 
>> any more information I can provide to get help?
>>
>> On Wednesday, December 14, 2016 at 10:46:36 AM UTC-5, Steve Kuntz wrote:
>>>
>>> Hi,
>>>
>>> Has anyone else seen this behavior? Everything works well until I hit 
>>> the Indices page or try to edit an extractor. After this sometimes I 
>>> have to restart Graylog to get the interface to respond again. Could I have 
>>> too many Indices and/or shards? I'm currently processing about 40,000 
>>> messages/second. I have 1,700 indices, 24,500 shards and I've just lowered 
>>> my shards from 8 primaries and 1 replica to 4 primaries and 1 replica. 
>>> Currently my ES usage is ~40TB
>>>
>>> Thanks
>>>
>>



[graylog2] Re: Custom GrayLog Web Plugin Error "Cannot read property 'call' of undefined"

2017-02-03 Thread Jochen Schalanda
Hi Bill,

On Friday, 3 February 2017 13:00:19 UTC+1, Bill Murrin wrote:
>
> Any assistance you can provide would be appreciated. Here is a link to the 
> plugin to see if you guys might be able to help me figure out what is 
> causing it. Once we figure this out, I plan on sharing the plugin on the 
> marketplace and my Github page.
>

Why not put it on GitHub now so we can see the code?

Cheers,
Jochen 



[graylog2] Re: Custom GrayLog Web Plugin Error "Cannot read property 'call' of undefined"

2017-02-03 Thread Bill Murrin
I managed to get all of the features working for QuickValuesPlus plugin and 
it works perfectly in the web-dev environment using GrayLog 2.1.3. 

However, when I build the JAR for the plugin (mvn package) using 2.1.3 it 
BUILDS successfully, but after I add the plugin to Graylog and restart it, 
I get the following error:

Uncaught TypeError: Cannot read property 'call' of undefined
at t (vendor.js:1)
at Object. (plugin.org.graylog.plugins.quickvaluesplus.QuickValuesPlusWidgetPlugin.f870d4e8bd3527cc84de.js:2911)
at __webpack_require__ (plugin.org.graylog.plugins.quickvaluesplus.QuickValuesPlusWidgetPlugin.f870d4e8bd3527cc84de.js:20)
at Object. (plugin.org.graylog.plugins.quickvaluesplus.QuickValuesPlusWidgetPlugin.f870d4e8bd3527cc84de.js:2905)
at __webpack_require__ (plugin.org.graylog.plugins.quickvaluesplus.QuickValuesPlusWidgetPlugin.f870d4e8bd3527cc84de.js:20)
at _URI (plugin.org.graylog.plugins.quickvaluesplus.QuickValuesPlusWidgetPlugin.f870d4e8bd3527cc84de.js:139)
at Object. (plugin.org.graylog.plugins.quickvaluesplus.QuickValuesPlusWidgetPlugin.f870d4e8bd3527cc84de.js:147)
at __webpack_require__ (plugin.org.graylog.plugins.quickvaluesplus.QuickValuesPlusWidgetPlugin.f870d4e8bd3527cc84de.js:20)
at Object. (plugin.org.graylog.plugins.quickvaluesplus.QuickValuesPlusWidgetPlugin.f870d4e8bd3527cc84de.js:101)
at __webpack_require__ (plugin.org.graylog.plugins.quickvaluesplus.QuickValuesPlusWidgetPlugin.f870d4e8bd3527cc84de.js:20)
at Object. (plugin.org.graylog.plugins.quickvaluesplus.QuickValuesPlusWidgetPlugin.f870d4e8bd3527cc84de.js:49)
at __webpack_require__ (plugin.org.graylog.plugins.quickvaluesplus.QuickValuesPlusWidgetPlugin.f870d4e8bd3527cc84de.js:20)
at plugin.org.graylog.plugins.quickvaluesplus.QuickValuesPlusWidgetPlugin.f870d4e8bd3527cc84de.js:40
at plugin.org.graylog.plugins.quickvaluesplus.QuickValuesPlusWidgetPlugin.f870d4e8bd3527cc84de.js:43

Researching online, I've turned minification for the code to see if that 
helped (It didn't).

Any assistance you can provide would be appreciated. Here is a link to the 
plugin to see if you guys might be able to help me figure out what is 
causing it. Once we figure this out, I plan on sharing the plugin on the 
marketplace and my Github page.
https://www.dropbox.com/s/7wrmveulup0gx08/graylog-plugin-quick-values-plus-widget-1.0.0.jar?dl=0

Thanks in advance,

-Bill

On Monday, January 30, 2017 at 7:46:54 PM UTC-10, Bill Murrin wrote:
>
> Hi everyone,
>
> I'm attempting to build a web plugin that will also act as a Field 
> Analyzer.
>
> After much frustration and various undocumented errors, I've been able to 
> build the package successfully! :-)
>
> When I add the plugin, it shows up as a plugin, but does not act 
> accordingly.
>
> When I look at the Page Code, I see the following:
>
> Uncaught TypeError: Cannot read property 'call' of undefined
> at t (vendor.js:1)
> at Object. (plugin.Plugin.0c250351f8fb2b358bf1.js:2905)
> at __webpack_require__ (plugin.Plugin.0c250351f8fb2b358bf1.js:20)
> at Object. (plugin.Plugin.0c250351f8fb2b358bf1.js:2899)
> at __webpack_require__ (plugin.Plugin.0c250351f8fb2b358bf1.js:20)
> at _URI (plugin.Plugin.0c250351f8fb2b358bf1.js:139)
> at Object. (plugin.Plugin.0c250351f8fb2b358bf1.js:147)
> at __webpack_require__ (plugin.Plugin.0c250351f8fb2b358bf1.js:20)
> at Object. (plugin.Plugin.0c250351f8fb2b358bf1.js:101)
> at __webpack_require__ (plugin.Plugin.0c250351f8fb2b358bf1.js:20)
> at Object. (plugin.Plugin.0c250351f8fb2b358bf1.js:49)
> at __webpack_require__ (plugin.Plugin.0c250351f8fb2b358bf1.js:20)
> at plugin.Plugin.0c250351f8fb2b358bf1.js:40
> at plugin.Plugin.0c250351f8fb2b358bf1.js:43
>
> I would appreciate any help or suggestions that can be provided.
>
> Thanks in advance.
>
> -Bill
>



[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

2017-02-03 Thread Aitor Mendoza
Hi Jochen,

Both Elasticsearch nodes are always using 900 MB of 2GB RAM... but I will 
try it with 4GB if it is necessary. 

Thanks ;)

On Friday, 3 February 2017, 10:07:57 (UTC+1), Jochen Schalanda wrote:
>
> Hi Aitor,
>
> as I already mentioned, your ES cluster doesn't have enough hardware 
> resources to keep up with the data ingestion from Graylog. Assign at least 
> 4 GiB of memory for each Elasticsearch node.
>
> Cheers,
> Jochen
>
> On Friday, 3 February 2017 08:05:27 UTC+1, Aitor Mendoza wrote:
>>
>> Hello Jochen,
>>
>> But the problem of disk space is from yesterday, because of a VMware 
>> datastore problem that is already solved. But I want to solve the alert "NO 
>> MASTER fixed" that has appeared since the first day...
>>
>> Thanks
>>
>> On Thursday, 2 February 2017, 15:22:58 (UTC+1), Jochen Schalanda wrote:
>>>
>>> Hi Aitor,
>>>
>>> these logs clearly show that your Elasticsearch cluster is not healthy: 
>>> It ran out of disk space multiple times and it can't keep up with indexing 
>>> messages sent by Graylog (full task queues etc.).
>>>
>>> You'll have to provide more hardware (esp. more memory, at least 4 GiB) 
>>> to your Elasticsearch nodes.
>>>
>>> Cheers,
>>> Jochen
>>>
>>



[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-03 Thread Giwenn Launay
Hi

Thank you very much, it was indeed rest_transport_uri that was badly 
configured =)
I had already tried to configure it, but in vain.
Thank you very much once again.
Until next time,

Jochen



[graylog2] Re: Monitoring Windows DHCP Server Activity

2017-02-03 Thread Jochen Schalanda
Hi Rob,

How did you configure Graylog? Which inputs did you create and how did you 
configure them?
How did you configure the Graylog Collector Sidecar and what's the 
generated nxlog configuration?

Cheers,
Jochen

On Thursday, 2 February 2017 23:30:20 UTC+1, Rob Repp wrote:
>
> I set up a Graylog 2.1.2 server by deploying the downloadable OVA from 
> graylog.org. I'm trying to monitor a Windows 2008 R2 server with the DHCP 
> role installed. The DHCP server deposits activity data into log files 
> at C:\Windows\System32\dhcp\DhcpSrvLog-*.log. I have collector-sidecar and 
> nxlog installed on the Windows machine, and configured to send the log data 
> back to a collector input on the Graylog server.
>
> My configuration is based on the WindowsDHCP content pack available in the 
> Graylog marketplace. I imported the content pack json, 
> configured collector-sidecar on Windows and the Graylog collector starting 
> from the sample code at https://github.com/JulioQc/WinDHCP. 
> Unfortunately, when I do "show messages" for the collector, there's nothing 
> coming in.
>
> Has anyone had any success with this configuration? If not, is there a 
> better method for monitoring Windows DHCP activity with Graylog? Thanks!
>



[graylog2] Re: Indices and edit Extractor page timing out

2017-02-03 Thread Jochen Schalanda
Hi Steve,

the issue with the extractor page might have been fixed in Graylog 2.2.0, 
see https://github.com/Graylog2/graylog2-server/issues/3366 for the related 
GitHub issue.

Cheers,
Jochen

On Thursday, 2 February 2017 21:56:32 UTC+1, Steve Kuntz wrote:
>
> Hi
>
> This is still a big issue for me. Is there anything I can do? Is there any 
> more information I can provide to get help?
>
> On Wednesday, December 14, 2016 at 10:46:36 AM UTC-5, Steve Kuntz wrote:
>>
>> Hi,
>>
>> Has anyone else seen this behavior? Everything works well until I hit the 
>> Indices page or try to edit an extractor. After this sometimes I have 
>> to restart Graylog to get the interface to respond again. Could I have too 
>> many Indices and/or shards? I'm currently processing about 40,000 
>> messages/second. I have 1,700 indices, 24,500 shards and I've just lowered 
>> my shards from 8 primaries and 1 replica to 4 primaries and 1 replica. 
>> Currently my ES usage is ~40TB
>>
>> Thanks
>>
>



[graylog2] Re: Indices and edit Extractor page timing out

2017-02-03 Thread Jochen Schalanda
Hi Steve,

I haven't seen that behavior personally, but I wouldn't rule out that it 
can happen with a large number of indices.

Please think about reducing the number of open indices in your system, 
either by closing them (System / Indices page) or by archiving them, for 
example with the Graylog Archiving 
plugin: http://docs.graylog.org/en/2.1/pages/archiving.html

Cheers,
Jochen

On Thursday, 2 February 2017 21:56:32 UTC+1, Steve Kuntz wrote:
>
> Hi
>
> This is still a big issue for me. Is there anything I can do? Is there any 
> more information I can provide to get help?
>
> On Wednesday, December 14, 2016 at 10:46:36 AM UTC-5, Steve Kuntz wrote:
>>
>> Hi,
>>
>> Has anyone else seen this behavior? Everything works well until I hit the 
>> Indices page or try to edit an extractor. After this sometimes I have 
>> to restart Graylog to get the interface to respond again. Could I have too 
>> many Indices and/or shards? I'm currently processing about 40,000 
>> messages/second. I have 1,700 indices, 24,500 shards and I've just lowered 
>> my shards from 8 primaries and 1 replica to 4 primaries and 1 replica. 
>> Currently my ES usage is ~40TB
>>
>> Thanks
>>
>



[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-03 Thread Jochen Schalanda
Hi Giwenn,

On Friday, 3 February 2017 10:04:51 UTC+1, Giwenn Launay wrote:
>
> Is it good?
>

As long as you're using serv-XXX-log-2.XXX.XXX.com in your 
rest_transport_uri setting, it should be fine.

Cheers,
Jochen 
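
Added example (not part of the thread and not Graylog's code): the host check behind an SSLPeerUnverifiedException, written out under the assumption that the client follows the RFC 2818 rules, so an IP literal in rest_transport_uri verifies only against an iPAddress subjectAltName entry and the Common Name is consulted only when the certificate has no dNSName entries. The name graylog.example.org, the port and both certificate dicts are constructed; 10.22.5.24 is the address from the subject line.

```python
import ipaddress
from urllib.parse import urlsplit


def dns_name_matches(pattern, host):
    """Case-insensitive compare; '*' is accepted only as the entire leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p == h
    if p[0] != "*" or len(p) < 3 or any("*" in label for label in p[1:]):
        return False
    return len(h) == len(p) and h[1:] == p[1:]


def verify_uri_host(uri, cert):
    """Check the host of `uri` against `cert` (ssl.getpeercert() dict layout).

    Returns (ok, reason).
    """
    host = urlsplit(uri).hostname
    if not host:
        return False, "no host in URI"
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is matched only against iPAddress SAN entries, never the CN.
        if any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans):
            return True, "iPAddress SAN"
        return False, "no matching iPAddress SAN"
    dns_names = [v for k, v in sans if k == "DNS"]
    if dns_names:
        # Once any dNSName SAN exists, the CN is ignored.
        if any(dns_name_matches(n, host) for n in dns_names):
            return True, "dNSName SAN"
        return False, "no matching dNSName SAN"
    # RFC 2818 legacy fallback to the CN; many current clients have dropped it.
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and dns_name_matches(value, host):
                return True, "commonName fallback"
    return False, "commonName does not match"


# Constructed certificates: one with only a Common Name, one that also
# carries DNS and IP subjectAltName entries.
CN_ONLY_CERT = {
    "subject": ((("countryName", "FR"),), (("commonName", "graylog.example.org"),)),
}
SAN_CERT = dict(
    CN_ONLY_CERT,
    subjectAltName=(("DNS", "graylog.example.org"), ("IP Address", "10.22.5.24")),
)

if __name__ == "__main__":
    for uri in ("https://10.22.5.24:9000/api/", "https://graylog.example.org:9000/api/"):
        for label, cert in (("CN only", CN_ONLY_CERT), ("CN + SAN", SAN_CERT)):
            print(uri, label, verify_uri_host(uri, cert))
```
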



[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

2017-02-03 Thread Jochen Schalanda
Hi Aitor,

as I already mentioned, your ES cluster doesn't have enough hardware 
resources to keep up with the data ingestion from Graylog. Assign at least 
4 GiB of memory for each Elasticsearch node.

Cheers,
Jochen

On Friday, 3 February 2017 08:05:27 UTC+1, Aitor Mendoza wrote:
>
> Hello Jochen,
>
> But the problem of disk space is from yesterday, because of a VMware datastore 
> problem that is already solved. But I want to solve the alert "NO MASTER 
> fixed" that has appeared since the first day...
>
> Thanks
>
> On Thursday, 2 February 2017, 15:22:58 (UTC+1), Jochen Schalanda wrote:
>>
>> Hi Aitor,
>>
>> these logs clearly show that your Elasticsearch cluster is not healthy: 
>> It ran out of disk space multiple times and it can't keep up with indexing 
>> messages sent by Graylog (full task queues etc.).
>>
>> You'll have to provide more hardware (esp. more memory, at least 4 GiB) 
>> to your Elasticsearch nodes.
>>
>> Cheers,
>> Jochen
>>
>



[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-03 Thread Giwenn Launay
And this is what I entered when I created my certificate:

Country Name (2 letter code) [XX]:FR
State or Province Name (full name) []:France
Locality Name (eg, city) [Default City]:XXX
Organization Name (eg, company) [Default Company Ltd]: 
Organizational Unit Name (eg, section) []:Info
Common Name (eg, your name or your server's hostname) 
[]:serv-XXX-log-2.XXX.XXX.com
Email Address []:xxx.x...@xxx.com
[root@serv-cor-log-2 certificate]# hostname -f
serv-XXX-log-2.XXX.XXX.com
[root@serv-cor-log-2 certificate]#

Is it good?



[graylog2] Re: Unable to connect elastic search

2017-02-03 Thread Jochen Schalanda
Hi Sridhar,

127.0.0.1 is the loopback address, which means that it's only accessible 
from the very same machine.

If you're trying to create an Elasticsearch cluster, you have to use a 
public IP address of all affected nodes.

See http://docs.graylog.org/en/2.1/pages/configuration/elasticsearch.html#configuration for details.

Cheers,
Jochen

On Thursday, 2 February 2017 19:42:58 UTC+1, Sridhar wrote:
>
> Hi,
>
> I am configuring Graylog on my PC, and I am unable to connect to the 
> Elasticsearch server from Graylog
>
> Exception: 
>
> com.google.common.util.concurrent.UncheckedExecutionException: 
> ClusterBlockException[blocked by: [SERVICE_UNAVAILABLE/1/state not 
> recovered / initialized];]
> at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2207) 
> ~[graylog.jar:?]
> at com.google.common.cache.LocalCache.get(LocalCache.java:3953) 
> ~[graylog.jar:?]
> at 
> com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4790) 
> ~[graylog.jar:?]
> at 
> org.graylog2.rest.resources.sources.SourcesResource.list(SourcesResource.java:89)
>  
> ~[graylog.jar:?]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[?:1.8.0_121]
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
> ~[?:1.8.0_121]
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  
> ~[?:1.8.0_121]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121]
> at 
> org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
>  
> ~[graylog.jar:?]
> at 
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144)
>  
> ~[graylog.jar:?]
> at 
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161)
>  
> ~[graylog.jar:?]
> at 
> org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:205)
>  
> ~[graylog.jar:?]
> at 
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99)
>  
> ~[graylog.jar:?]
> at 
> org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389)
>  
> ~[graylog.jar:?]
> at 
> org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347)
>  
> ~[graylog.jar:?]
> at 
> org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102)
>  
> ~[graylog.jar:?]
> at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326) 
> [graylog.jar:?]
> at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) 
> [graylog.jar:?]
> at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) 
> [graylog.jar:?]
> at org.glassfish.jersey.internal.Errors.process(Errors.java:315) 
> [graylog.jar:?]
> at org.glassfish.jersey.internal.Errors.process(Errors.java:297) 
> [graylog.jar:?]
> at org.glassfish.jersey.internal.Errors.process(Errors.java:267) 
> [graylog.jar:?]
> at 
> org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
>  
> [graylog.jar:?]
> at 
> org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) 
> [graylog.jar:?]
> at 
> org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154)
>  
> [graylog.jar:?]
> at 
> org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:384)
>  
> [graylog.jar:?]
> at 
> org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:224) 
> [graylog.jar:?]
> at 
> com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
>  
> [graylog.jar:?]
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>  
> [?:1.8.0_121]
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>  
> [?:1.8.0_121]
> at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]
> Caused by: org.elasticsearch.cluster.block.ClusterBlockException: blocked 
> by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];
> at 
> org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedException(ClusterBlocks.java:158)
>  
> ~[graylog.jar:?]
> at 
> org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedRaiseException(ClusterBlocks.java:144)
>  
> ~[graylog.jar:?]
> at 
> org.elasticsearch.action.search.AbstractSearchAsyncAction.(AbstractSearchAsyncAction.java:94)
>  
> ~[graylog.jar:?]
> at 
> org.elasticsearch.action.search.SearchQueryThenFetchAsyncAction.(SearchQueryThenFetchAsyncAction.java:53)
>  
> ~[graylog.jar:?]
> at 
> org.elasticsearch.action.search.TransportSearchAction.doExecute(TransportSearchAction.java:93)
>  
> ~[graylog.jar:?]
> at 
> 

[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-03 Thread Giwenn Launay
Hi,

I have already tried with a different common name, e.g. 
serv-XX-log-2.XXX.XXX.com, but I always get the same error.
On the other hand, when I created my certificate, it did not ask me to 
fill in the AltSubjName field. Is that normal?

Cheers,
Giwenn
