Re: [graylog2] Graylog Sidecar reports "unable to map property tags"

2016-07-18 Thread Jeremy Farr
Done.  https://github.com/Graylog2/collector-sidecar/issues/39

On Monday, July 18, 2016 at 3:35:36 AM UTC-5, Marius Sturm wrote:
>
> Hi,
> could you please create an issue for that over here: 
> https://github.com/Graylog2/collector-sidecar/issues
> Please add your collector_sidecar.yml file to the ticket.
>
> Thanks,
> Marius
>
>
> On 15 July 2016 at 20:25, Jeremy Farr wrote:
>
>> So I'm using nxlog and I've installed the graylog sidecar.  I'm manually 
>> starting it with my configuration file so I can monitor it.  Just after 
>> reporting that nxlog is starting it gives a 400 error related to the 
>> property tags.  I've attached the screen shot. I've changed the tag and 
>> ensured it's the same as what I've got in the config on the graylog side. I 
>> am using the alpha release of the collector just FYI.
>>
>>
>> <https://lh3.googleusercontent.com/-8_9_6cbnu-o/V4kqFHmHZhI/ANQ/0JMW1lxKFJ4cyT4j3x750GzX0wAmhfb-ACLcB/s1600/sidecar_error.PNG>
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Graylog Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to graylog2+u...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/graylog2/440c674f-b5ea-4315-9733-2e5c4429c41e%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/graylog2/440c674f-b5ea-4315-9733-2e5c4429c41e%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> Developer
>
> Tel.: +49 (0)40 609 452 077
> Fax.: +49 (0)40 609 452 078
>
> TORCH GmbH - A Graylog Company
> Poolstraße 21
> 20335 Hamburg
> Germany
>
> https://www.graylog.com <https://www.torch.sh/>
>
> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
> Geschäftsführer: Lennart Koopmann (CEO)
>



[graylog2] Graylog Sidecar reports "unable to map property tags"

2016-07-15 Thread Jeremy Farr
So I'm using nxlog and I've installed the graylog sidecar.  I'm manually 
starting it with my configuration file so I can monitor it.  Just after 
reporting that nxlog is starting it gives a 400 error related to the 
property tags.  I've attached the screen shot. I've changed the tag and 
ensured it's the same as what I've got in the config on the graylog side. I 
am using the alpha release of the collector just FYI.





[graylog2] Re: Backfilling graylog with past data

2016-07-14 Thread Jeremy Farr
Thank you Jochen.  

On Wednesday, July 13, 2016 at 2:14:45 AM UTC-5, Jochen Schalanda wrote:
>
> Hi Jeremy,
>
> you can use Logstash or Filebeat (or any other log shipper) to backfill 
> data into Graylog, too. Simply point it to the file (or source) you want to 
> use as an input and use a GELF output to send data into Graylog. Also make 
> sure that the timestamp field is valid, because otherwise Graylog would 
> use the ingestion time as timestamp (which is not what you want to have 
> when filling in historic logs).
>
> Cheers,
> Jochen
>
> On Wednesday, 13 July 2016 04:10:04 UTC+2, Jeremy Farr wrote:
>>
>> How would I go about backfilling logs into graylog?  Does it just handle 
>> it auto-magically?  For instance, I'd like to analyze some transaction data 
>> that spans possibly the entire month. I can get the information at smaller 
>> intervals (i.e. Daily or weekly) but I would only be looking at it in 
>> monthly, quarterly or annual periods of time. I've seen people discussing 
>> using logstash to backfill elasticsearch but I couldn't find anything about 
>> back filling graylog specifically. Thanks in advance. 
>
>

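The backfill approach described in the quoted reply above (a shipper reading the old file and sending GELF with a valid timestamp field), as an added example that is not part of the original thread. The log line layout, the assumption that its timestamps are UTC, the source name `pos-01`, the server name `graylog.example.org` and a GELF TCP input on port 12201 are all assumptions for illustration.

```python
import json
import re
import socket
from datetime import datetime, timezone

# Constructed sample input (not from the thread): "<date> <time> key=value ..." lines.
SAMPLE_LINES = [
    "2016-06-01 08:15:02 txn=1001 amount=25.00 status=ok",
    "2016-06-01 08:15:09 txn=1002 amount=310.50 status=declined",
    "not-a-timestamp txn=1003 amount=1.00 status=ok",
]

# Characters GELF allows in additional field names.
FIELD_NAME = re.compile(r"[\w.\-]+", re.ASCII)


def to_gelf(line, source_host):
    """Convert one historic line to a GELF 1.1 dict, or None if it has no valid time."""
    parts = line.split(" ", 2)
    if len(parts) < 3:
        return None
    try:
        event_time = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
    except ValueError:
        # Without a parseable time the server would stamp the message with the
        # ingestion time, so the line is rejected instead of being shipped.
        return None
    # Assumption: the file's timestamps are UTC.
    event_time = event_time.replace(tzinfo=timezone.utc)
    message = {
        "version": "1.1",
        "host": source_host,
        "short_message": parts[2],
        # Seconds since the UNIX epoch: this keeps the event at its original time.
        "timestamp": event_time.timestamp(),
    }
    for pair in parts[2].split():
        key, sep, value = pair.partition("=")
        # Additional fields carry a leading underscore; "_id" is reserved in GELF.
        if sep and FIELD_NAME.fullmatch(key) and key != "id":
            message["_" + key] = value
    return message


def build_batch(lines, source_host):
    """Split lines into GELF messages and lines rejected for a bad timestamp."""
    messages, rejected = [], []
    for line in lines:
        message = to_gelf(line.rstrip("\n"), source_host)
        if message is None:
            rejected.append(line)
        else:
            messages.append(message)
    return messages, rejected


def frame_tcp(message):
    """Serialize for a GELF TCP input: one JSON document terminated by a null byte."""
    return json.dumps(message, separators=(",", ":")).encode("utf-8") + b"\x00"


def send_tcp(messages, server, port=12201, timeout=10):
    """Ship messages to a GELF TCP input; server and port are deployment-specific."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        for message in messages:
            sock.sendall(frame_tcp(message))


if __name__ == "__main__":
    batch, bad = build_batch(SAMPLE_LINES, "pos-01")
    for item in batch:
        print(frame_tcp(item))
    print("rejected:", bad)
    # send_tcp(batch, "graylog.example.org")  # hypothetical server name
```

Review the rejected lines before a second pass rather than shipping them with a guessed time.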


Re: [graylog2] Re: Backfilling graylog with past data

2016-07-14 Thread Jeremy Farr

Jason have you noticed any issues when adding to indices that are not the 
currently active one?

On Thursday, July 14, 2016 at 2:35:26 AM UTC-5, Jason Haar wrote:
>
>
> On Wed, Jul 13, 2016 at 7:14 PM, Jochen Schalanda wrote:
>
>> Simply point it to the file (or source) you want to use as an input and 
>> use a GELF output to send data into Graylog
>
>
> I use that all the time  - works great! Except I have a mental block and 
> keep "search" looking in the past 5 minutes and wonder why I don't see the 
> data I just pushed in (which typically had yesterday's date ;-)
>
>
> -- 
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>



[graylog2] Backfilling graylog with past data

2016-07-12 Thread Jeremy Farr
How would I go about backfilling logs into graylog?  Does it just handle it 
auto-magically?  For instance, I'd like to analyze some transaction data that 
spans possibly the entire month. I can get the information at smaller intervals 
(i.e. Daily or weekly) but I would only be looking at it in monthly, quarterly 
or annual periods of time. I've seen people discussing using logstash to 
backfill elasticsearch but I couldn't find anything about back filling graylog 
specifically. Thanks in advance. 



[graylog2] Re: VMware ESXi Logs to Graylog2

2016-07-12 Thread Jeremy Farr
Would it be possible for you to create a raw message input into graylog (for 
retention) and forward the logs from graylog to sexilog?  I use both but like 
having all logs in graylog. PS: Give sexigraf a look too. 



[graylog2] Re: Run collector as a service

2015-10-01 Thread Jeremy Farr
Jochen,

I see you guys have OS packages now but I still have some Centos 6 machines 
I need the collector to run on.  Any scripts or wrappers for these or any 
way to "fit" the OS packages to work on other releases?

On Tuesday, June 16, 2015 at 11:14:27 AM UTC-5, Jochen Schalanda wrote:
>
> Hi Jeremy,
>
> the Graylog Collector comes with a service script for Windows (see 
> http://docs.graylog.org/en/1.1/pages/collector.html#windows). Init 
> scripts (or systemd units and Upstart service files) are still missing at 
> the moment but will be included in the OS packages (DEB/RPM) for the 
> Collector which we will provide in the near future.
>
> Cheers,
> Jochen
>
> On Tuesday, 16 June 2015 14:06:43 UTC+2, Jeremy Farr wrote:
>>
>> Anyone have a script or wrapper to run the collector as a service and 
>> start at boot?
>>
>



[graylog2] Run collector as a service

2015-06-16 Thread Jeremy Farr
Anyone have a script or wrapper to run the collector as a service and start 
at boot?



Re: [graylog2] Configuration Options for the Graylog Collector

2015-06-09 Thread Jeremy Farr
Great, thanks Bernd.  Exactly what I needed.  

On Tuesday, June 9, 2015 at 1:19:27 PM UTC-5, Bernd Ahlers wrote:
>
> Jeremy, 
>
> there is only a file and a windows-eventlog input right now. The 
> documentation for them is not really there right now. We have an issue 
> on GitHub that lists the missing items. 
>
> https://github.com/Graylog2/collector/issues/25 
>
> The current documentation is here: 
>
> http://docs.graylog.org/en/1.1/pages/collector.html 
>
> This will eventually describe all available collector options. 
>
> Regarding ingesting CSV you are right, just use a "file" input and build 
> an extractor with a "CSV to fields" converter on the Graylog server. 
>
> Hope that helps. 
>
> Regards, 
> Bernd 
>
> Jeremy Farr [Tue, Jun 09, 2015 at 07:22:21AM -0700] wrote: 
> >I've been using NXLOG-CE to send windows event log data to my Graylog 
> >instance.  I was curious about utilizing the Graylog collector and reading 
> >through the docs I see the basic setups for my Windows devices.  The 
> >structure of the config looks similar to what I'm accustomed to in NXLOG. I 
> >also noticed different input types but only saw a handful detailed.  Is 
> >there a comprehensive list of configuration possibilities?  Can I input 
> >from a CSV file and is there a specific config option for that or do I 
> >simply use 'file' and build an extractor on the Graylog side? 
> > 
> >Thanks all. 
> > 
>
>
> -- 
> Developer 
>
> Tel.: +49 (0)40 609 452 077 
> Fax.: +49 (0)40 609 452 078 
>
> TORCH GmbH - A Graylog company 
> Steckelhörn 11 
> 20457 Hamburg 
> Germany 
>
> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 
> Geschäftsführer: Lennart Koopmann (CEO) 
>



[graylog2] Configuration Options for the Graylog Collector

2015-06-09 Thread Jeremy Farr
I've been using NXLOG-CE to send windows event log data to my Graylog 
instance.  I was curious about utilizing the Graylog collector and reading 
through the docs I see the basic setups for my Windows devices.  The 
structure of the config looks similar to what I'm accustomed to in NXLOG. I 
also noticed different input types but only saw a handful detailed.  Is 
there a comprehensive list of configuration possibilities?  Can I input 
from a CSV file and is there a specific config option for that or do I 
simply use 'file' and build an extractor on the Graylog side? 

Thanks all.



[graylog2] Re: I think I just lost all my extractors

2014-11-19 Thread Jeremy Farr


> Or can't we create and maintain extractors separately from inputs and later 
> associate them to multiple inputs of our choices? This way we can use an 
> extractor for multiple inputs of same type and we don't have to recreate 
> them when we destroy inputs.
>
>
I like this idea as well.  That way the extractors live totally independent 
of the input itself.  



[graylog2] Re: Graylog2 web 0.90.0 error "API call failed to execute"

2014-11-12 Thread Jeremy Farr
Jochen,

Thanks for all your help.  I've successfully redeployed Graylog2 at the 
0.91.3 release level.  All seems to be working perfectly.  It is worth 
noting that I did get the same error when setting up the new deployment. 
 The only common thread was my config files.  So I rebuilt them as well. 
 After using the fresh config files I did not receive the error.  So there 
may be some issues within when moving from 0.20.x to 0.9X.X that may be 
avoided by carefully rebuilding your config or at minimum ensuring your 
config has all the appropriate needed parts in them.  

Thanks again.



[graylog2] Re: Graylog2 web 0.90.0 error "API call failed to execute"

2014-11-07 Thread Jeremy Farr
So maybe the easier solution is to setup a fresh Graylog2 Server install to 
replace my current one. I can install from the repos for ease of future 
release install and just simply "attach" the new Graylog2 instance to my 
mongo db and my elasticsearch cluster.  I'll have to use Graylog2 0.90.3 as 
my elasticsearch cluster is still version 0.90.x.  Is there a "best 
practice" to this?  Does the node id on the replacement install need to be 
the same as the legacy Graylog2 server instance?  



[graylog2] Re: I think I just lost all my extractors

2014-11-07 Thread Jeremy Farr
Thanks Jochen.  I shouldn't have too much trouble recreating them.  I think 
that would be a great enhancement!



[graylog2] Re: Graylog2 web 0.90.0 error "API call failed to execute"

2014-11-05 Thread Jeremy Farr
Ok, updated and now getting the following: 

root@graylog2:/usr/share/graylog2-web# bin/graylog2-web-interface
Play server process ID is 8426
[error] o.g.r.l.ServerNodesRefreshService - Resolving configured nodes failed
java.lang.NullPointerException: null
at java.net.URI$Parser.parse(URI.java:3023) ~[na:1.7.0_65]
at java.net.URI.<init>(URI.java:595) ~[na:1.7.0_65]
at java.net.URI.create(URI.java:857) ~[na:1.7.0_65]
at org.graylog2.restclient.models.ClusterEntity.normalizeUriPath(ClusterEntity.java:40) ~[org.graylog2.graylog2-rest-client-0.90.3.jar:na]
at org.graylog2.restclient.models.Node.<init>(Node.java:102) ~[org.graylog2.graylog2-rest-client-0.90.3.jar:na]
at org.graylog2.restclient.models.Node$$FastClassByGuice$$c8fff58a.newInstance() ~[com.google.inject.guice-3.0.jar:na]
[info] play - Application started (Prod)
[info] play - Listening for HTTP on /0:0:0:0:0:0:0:0:9000

[graylog2] I think I just lost all my extractors

2014-11-03 Thread Jeremy Farr
Before anyone says it, yes I should have backed up my extractors or 
exported them and saved them somewhere.  Got it.  I terminated an input to 
make an adjustment and as soon as I hit the button I realized what I had 
done.  Are these extractors, by the smallest chance, still somewhere that I 
can recover them or am I out of luck?  I have some of them documented in my 
notepad++ where I was sort of housing them. My goal was to post them and I 
may have to start over.  :(  I'd also say I think a nice feature may be a 
warning of some sort stating, "hey you have extractors running under this 
input - are you sure you want to terminate?".  Shouldn't be too bad to 
recreate these, but I hate that I did that.   I'm currently migrating my 
graylog2 install as per Scott Pack's blog post 
(http://secopsmonkey.com/migrating-graylog2-servers.html).  I'm currently 
running version 0.20.6 and moving to 0.90.1.  



[graylog2] Re: Graylog2 web 0.90.0 error "API call failed to execute"

2014-10-23 Thread Jeremy Farr
Ok, I was able to get around to this and still having similar issues:

https://gist.github.com/anonymous/800fd65b895709f5ea99#file-graylog-server-0-90-1_debug



[graylog2] Re: Graylog2 web 0.90.0 error "API call failed to execute"

2014-10-15 Thread Jeremy Farr
Jochen,

Here you are my 
friend: 
https://gist.github.com/anonymous/6226569051fe641d5eb9#file-graylog2-server_0-90-0_debug

Hopefully, I used gist correctly.  Admittedly I've never used that piece of 
github before!



[graylog2] Re: Graylog2 web 0.90.0 error "API call failed to execute"

2014-10-14 Thread Jeremy Farr
Jochen,  

Here you go:

[root@graylog2-server graylog2]# curl -i -H 'Accept: application/json' 'http://172.20.56.41:12900/system/cluster/node?pretty=true'
HTTP/1.1 404 Not Found
Transfer-Encoding: chunked

{"type":"ApiError","message":"HTTP 404 Not Found"}

[root@graylog2-server graylog2]# curl -i -H 'Accept: application/json' 'http://172.20.56.41:12900/system/cluster/nodes?pretty=true'
HTTP/1.1 404 Not Found
Transfer-Encoding: chunked

{"type":"ApiError","message":"HTTP 404 Not Found"}

[root@graylog2-server graylog2]# curl -i -H 'Accept: application/json' 'http://172.20.56.41:12900/system/cluster/nodes/51b4b982-51a4-42e3-8e0d-ffa22f74b595?pretty=true'
HTTP/1.1 404 Not Found
Transfer-Encoding: chunked

{"type":"ApiError","message":"HTTP 404 Not Found"}


As soon as I revert back to the previous versions (0.20.6) and restart 
graylog2-server all is well.  



[graylog2] Re: Graylog2 web 0.90.0 error "API call failed to execute"

2014-10-14 Thread Jeremy Farr
Everything seems good from a mongodb point-of-view:


[root@graylog2-server ~]# mongo graylog2
MongoDB shell version: 2.6.4
connecting to: graylog2
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
> db.nodes.find( { "node_id": "51b4b982-51a4-42e3-8e0d-ffa22f74b595" } )
{ "_id" : ObjectId("53ff349de4b01a8de4b353ab"), "is_master" : true, "transport_address" : "http://172.20.56.41:12900", "type" : "SERVER", "last_seen" : 1413292341, "node_id" : "51b4b982-51a4-42e3-8e0d-ffa22f74b595" }



[graylog2] Re: Graylog2 web 0.90.0 error "API call failed to execute"

2014-10-09 Thread Jeremy Farr
Thanks for the help Jochen

Ok, so checked to see if graylog2-server is listening with netstat:

[root@graylog2-server graylog2]# netstat -tplen|grep :12900
tcp   0   0 :::172.20.56.41:12900   :::*   LISTEN   0   930716   2720/java

Ok, so all looks good there. Now trying with the curl command for the 
proper reply:

[root@graylog2-server graylog2]# curl -i --user admin:mypassword -H 'Accept: application/json' http://172.20.56.41:12900/system/cluster/node
HTTP/1.1 404 Not Found
Transfer-Encoding: chunked

{"type":"ApiError","message":"HTTP 404 Not Found"}

So this appears to be the issue but why the 404 here?  

When I run this against my 0.20.6 version I get this:

[root@graylog2-web graylog2]# curl -i --user admin:mypassword -H 'Accept: application/json' http://172.20.56.41:12900/system/cluster/node
HTTP/1.1 200 OK
Content-Type: application/json
X-Runtime-Microseconds: 2415
Transfer-Encoding: chunked

{"id":"51b4b982-51a4-42e3-8e0d-ffa22f74b595","is_master":true,"last_seen":"2014-10-10T03:09:43.000Z","transport_address":"http://172.20.56.41:12900","type":"server","short_node_id":"51b4b982"}

I would assume that is the response we would like to see.  What could 
possibly be missing with the newer binary?  



[graylog2] Graylog2 web 0.90.0 error "API call failed to execute"

2014-10-08 Thread Jeremy Farr
So I download and drop in the new release of Graylog2 and my graylog2 
server fires up fine, but my graylog2 web portion throws an error and won't 
connect to the server (they are on separate servers).  I've confirmed 
iptables is disabled on both.  Here is the output I get from the 
graylog2-web machine:

[root@graylog2-web graylog2]# bin/graylog2-web-interface -Dhttp.port=8080
Play server process ID is 14472
[error] o.g.r.l.ApiClient - API call failed to execute.
java.util.concurrent.ExecutionException: java.net.ConnectException: Connection refused: /172.20.56.41:12900 to http://172.20.56.41:12900/system/cluster/node
   at com.ning.http.client.providers.netty.NettyResponseFuture.abort(NettyResponseFuture.java:336) ~[com.ning.async-http-client-1.7.18.jar:na]
   at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:107) ~[com.ning.async-http-client-1.7.18.jar:na]
   at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:427) ~[io.netty.netty-3.7.0.Final.jar:na]
   at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:418) ~[io.netty.netty-3.7.0.Final.jar:na]
   at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:380) ~[io.netty.netty-3.7.0.Final.jar:na]
   at org.jboss.netty.channel.socket.nio.NioClientBoss.processSelectedKeys(NioClientBoss.java:109) ~[io.netty.netty-3.7.0.Final.jar:na]
Caused by: java.net.ConnectException: Connection refused: /172.20.56.41:12900 to http://172.20.56.41:12900/system/cluster/node
   at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:103) ~[com.ning.async-http-client-1.7.18.jar:na]
   at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:427) ~[io.netty.netty-3.7.0.Final.jar:na]
   at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:418) ~[io.netty.netty-3.7.0.Final.jar:na]
   at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:380) ~[io.netty.netty-3.7.0.Final.jar:na]
   at org.jboss.netty.channel.socket.nio.NioClientBoss.processSelectedKeys(NioClientBoss.java:109) ~[io.netty.netty-3.7.0.Final.jar:na]
   at org.jboss.netty.channel.socket.nio.NioClientBoss.process(NioClientBoss.java:79) ~[io.netty.netty-3.7.0.Final.jar:na]
Caused by: java.net.ConnectException: Connection refused: /172.20.56.41:12900
   at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method) ~[na:1.7.0_65]
   at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:739) ~[na:1.7.0_65]
   at org.jboss.netty.channel.socket.nio.NioClientBoss.connect(NioClientBoss.java:150) ~[io.netty.netty-3.7.0.Final.jar:na]
   at org.jboss.netty.channel.socket.nio.NioClientBoss.processSelectedKeys(NioClientBoss.java:105) ~[io.netty.netty-3.7.0.Final.jar:na]
   at org.jboss.netty.channel.socket.nio.NioClientBoss.process(NioClientBoss.java:79) ~[io.netty.netty-3.7.0.Final.jar:na]
   at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:312) ~[io.netty.netty-3.7.0.Final.jar:na]

[graylog2] Re: Input Stalls After Adding Multiple Extractors

2014-06-23 Thread Jeremy Farr
After further troubleshooting it looks as though the issue is actually in 
my attempt to convert the machine time. I was attempting to have the time 
converted and saved to the target field of "timestamp".  Upon doing this my 
input basically stalls until I remove this extractor.  Is there a 
particular way I should be extracting time and rewriting the timestamp 
field?  

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Input Stalls After Adding Multiple Extractors

2014-06-23 Thread Jeremy Farr
So I've been working on building out extractors for my environment and 
after adding several it seems the input these extractors are tied to 
basically stops functioning properly and no more messages get logged. 
After terminating the input and re-adding it, messages are again being logged, 
but if I add the extractors back the input stalls again.  I've only got 
about 7 or 8 extractors on this particular input.  These extractors are 
regex based and the input is UDP based.  Any best practices or tuning 
advice to ensure that my inputs and extractors don't get overloaded?



[graylog2] Couple of questions regarding graylog2 server cluster

2014-05-29 Thread Jeremy Farr
So I've created a second graylog2 server and I want to add it and create a 
cluster.  I've made sure only one graylog2 server has "is_master = true", 
however I'm still getting an error notification when viewing the nodes from 
within the web interface:


So I'm not sure why I'm getting this unless there is another setting in the 
graylog2.conf that I need to review.  The only other settings I'm not clear 
on are the rest_listen_uri and the rest_transport_uri.  Can someone explain 
these?  I currently only have rest_listen_uri set to each host's IP in 
their respective graylog2.conf files.  I appreciate any help!



[graylog2] Building input for SendGrid API mail events

2014-05-22 Thread Jeremy Farr
We use SendGrid for transactional and email marketing.  They have a 
tremendous amount of documentation around their API and email events.  One 
of the events we want to be able to log in our Graylog2 instance is bounced 
email.  The request looks like the following:

https://sendgrid.com/api/bounces.get.json?api_user=u...@mydomain.com&api_key=&date=1&days=7&start_date=2014-05-22&type=hard

So I'm unsure as to how to build this out with the *JSON path from HTTP 
API* input on my Graylog2 instance?  Is that even the proper input to use?  Any 
help is much appreciated.



[graylog2] Re: Anyone willing to share extractors (ESXi, Cisco, Juniper, etc)?

2014-02-14 Thread Jeremy Farr
I'd love to see them.  I know there are multiple ways to get the messages 
formatted the way you may want them; I'm just curious how others are 
accomplishing this.  I'd like for my extractors to be as efficient as 
possible.  Thanks Martin!

On Thursday, February 13, 2014 5:02:35 PM UTC-6, Martin René Mortensen 
wrote:
>
> I have some decent extractors for Cisco Asa and ace devices written as 
> drools rules for v0.12. Can't get much drools to work for 0.20 yet though, 
> still working on it.
>
> I might figure out a nice place to put them, or I could attach them here 
> if you like.
>
> /Martin
>
>



[graylog2] Anyone willing to share extractors (ESXi, Cisco, Juniper, etc)?

2014-02-10 Thread Jeremy Farr
Anyone have some quality extractors for ESXi they would be willing to 
share?  I'd rather not have to send my logs through rsyslog first just to 
get them in the correct format.  



Re: [graylog2] Best Method to Decommission Elasticsearch node?

2014-01-07 Thread Jeremy Farr
Worked like a charm.  Thanks again.

On Tuesday, January 7, 2014 5:13:29 AM UTC-6, lennart wrote:
>
> Yes. This will reflect any new index that is created by Graylog2. 
>
> To change the replica settings of already existing indices you can 
> query ElasticSearch directly: 
>
> http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/indices-update-settings.html
>  
>
> On Mon, Jan 6, 2014 at 9:36 PM, Jeremy Farr wrote:
> > Ok, great.  Thanks Lennart.  I'm not sure what I did when initially setting
> > my elasticsearch cluster but I'm not seeing any replicas based on my viewing
> > the bigdesk plugin and the es head plugin.  I should be able to correct the
> > number of replicas anytime, correct?
> >
> >
> > On Thursday, January 2, 2014 2:38:07 PM UTC-6, lennart wrote:
> >>
> >> Hey Jeremy,
> >>
> >> future versions of Graylog2 allow you to do this automatically but for
> >> now you'll indeed have to move all shards over to a node you are not
> >> going to shut down. Make sure to turn off auto-rebalancing first or
> >> ElasticSearch will immediately start to move over other shards.
> >>
> >> Note that you can also configure Graylog2 to create replicas of each
> >> shard. This way you could turn off the second node completely without
> >> interrupting or moving anything by hand.
> >>
> >> Thanks,
> >> Lennart
> >>
> >> On Tue, Dec 31, 2013 at 7:27 PM, Jeremy Farr wrote:
> >> > What is the recommended method for decommissioning an ES node from my cluster?
> >> > Obviously, I'd like to not lose any information.  I've read a few posts in
> >> > elasticsearch forums about index shard allocation and other posts about
> >> > simply turning the node off and allowing the cluster to rebalance.  What's
> >> > the best or recommended method?  Currently, I have used the default settings
> >> > in my elasticsearch.yml config as well as in the graylog2.conf.  I also only
> >> > have two nodes in my cluster.  I can easily add nodes if needed.
>



Re: [graylog2] Best Method to Decommission Elasticsearch node?

2014-01-06 Thread Jeremy Farr
Ok, great.  Thanks Lennart.  I'm not sure what I did when initially setting 
my elasticsearch cluster but I'm not seeing any replicas based on my 
viewing the bigdesk plugin and the es head plugin.  I should be able to 
correct the number of replicas anytime, correct?  

On Thursday, January 2, 2014 2:38:07 PM UTC-6, lennart wrote:
>
> Hey Jeremy, 
>
> future versions of Graylog2 allow you to do this automatically but for 
> now you'll indeed have to move all shards over to a node you are not 
> going to shut down. Make sure to turn off auto-rebalancing first or 
> ElasticSearch will immediately start to move over other shards. 
>
> Note that you can also configure Graylog2 to create replicas of each 
> shard. This way you could turn off the second node completely without 
> interrupting or moving anything by hand. 
>
> Thanks, 
> Lennart 
>
> On Tue, Dec 31, 2013 at 7:27 PM, Jeremy Farr wrote:
> > What is the recommended method for decommissioning an ES node from my cluster?
> > Obviously, I'd like to not lose any information.  I've read a few posts in
> > elasticsearch forums about index shard allocation and other posts about
> > simply turning the node off and allowing the cluster to rebalance.  What's
> > the best or recommended method?  Currently, I have used the default settings
> > in my elasticsearch.yml config as well as in the graylog2.conf.  I also only
> > have two nodes in my cluster.  I can easily add nodes if needed.
>



[graylog2] Best Method to Decommission Elasticsearch node?

2013-12-31 Thread Jeremy Farr
What is the recommended method for decommissioning an ES node from my 
cluster?  Obviously, I'd like to not lose any information.  I've read a few 
posts in elasticsearch forums about index shard allocation and other posts 
about simply turning the node off and allowing the cluster to rebalance. 
What's the best or recommended method?  Currently, I have used the default 
settings in my elasticsearch.yml config as well as in the graylog2.conf.  I 
also only have two nodes in my cluster.  I can easily add nodes if needed.



[graylog2] Getting a "retention_strategy" not found exception

2013-12-23 Thread Jeremy Farr
Just copied over Graylog2 preview.8 and went to start my graylog2 server up 
and got an exception.  Any ideas?

[root@es-01 graylog2]# java -jar graylog2-server.jar --debug
2013-12-23 09:09:49,771 WARN : com.github.joschi.jadconfig.JadConfig - Required parameter retention_strategy not found
Exception in thread "main" com.github.joschi.jadconfig.ParameterException: Required parameter "retention_strategy" not found.
   at com.github.joschi.jadconfig.JadConfig.processClassFields(JadConfig.java:99)
   at com.github.joschi.jadconfig.JadConfig.process(JadConfig.java:80)
   at org.graylog2.Main.main(Main.java:102)

