[graylog2] Re: exporting data from searches not working properly
Hello,

Found the issue as well: only the message is exported by default, so I had to create an extractor to override the default message with the full message. I used the split and index, using { as splitting characters.

Thanks!
Mark

On Sunday, May 31, 2015 at 1:49:07 AM UTC+10, graylog...@gmail.com wrote:

> Hello,
>
> I'm using the production OVA (not the beta) of Graylog. I noticed that when I try to export the results of a search, the message field is truncated, see example below.
>
> The full message is:
>
> full_message
> *{1331892651000, 4776, Success, Security, Microsoft-Windows-Security-Auditing, The computer attempted to validate the credentials for an account.Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0Logon Account: mr636cSource Workstation: INHYIMR636CError Code: 0x0 }*
>
> http://192.168.1.123/search?rangetype=relativefields=source%2Cmessagewidth=1920relative=3600from=to=q=mr636c#
>
> In the exported CSV log I have only this:
>
> *{1331892651000, 4634, Success, Security, Microsoft-Windows*
>
> Is there any way to fix this?
>
> Thanks a lot
> Mark
[graylog2] Re: how to keep the log message in one field?
Hello,

Thanks for the info, but my case is different (I think!). If I'm not wrong, your configuration for NXLOG is to fetch live eventlogs; in my case I have a huge archive (5TB) of Windows logs that have already been exported as text files, so I'm not accessing the live eventlogs on a Windows system.

Best regards
Mark

On Sunday, May 31, 2015 at 1:49:06 AM UTC+10, graylog...@gmail.com wrote:

> Hello,
>
> I'm having a problem with a Graylog and nxlog feed. I have a huge archive of Windows event logs, and I have been trying to import these logs into Graylog using nxlog and GELF.
>
> It all works well: nxlog picks up the logs and imports them, but the messages are being split into several records rather than a single one.
>
> For example, if the event log contains the following:
>
> *{1331892664000, 4624, Success, Security, Microsoft-Windows-Security-Auditing, An account was successfully logged on.*
> *Subject:*
> * Security ID: S-1-0-0*
> * Account Name: -*
> * Account Domain: -*
> * Logon ID: 0x0*
> *Logon Type: 3*
> *This event is generated when a logon session is created. It is generated on the computer that was accessed.*
> *Key length indicates the length of the generated session key. This will be 0 if no session key was requested. }*
>
> It gets loaded into Graylog as:
>
> Record 1: *{1331892664000, 4624, Success, Security, Microsoft-Windows-Security-Auditing, An account was successfully logged on.*
> Record 2: *Subject*
> Record 3: *Security ID: S-1-0-0*
> etc. etc.
>
> I just would like to have all the message stored in one record. Do you have any idea how this could be achieved?
>
> Thanks!
> Mark
[graylog2] exporting data from searches not working properly
Hello,

I'm using the production OVA (not the beta) of Graylog. I noticed that when I try to export the results of a search, the message field is truncated, see example below.

The full message is:

full_message
*{1331892651000, 4776, Success, Security, Microsoft-Windows-Security-Auditing, The computer attempted to validate the credentials for an account.Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0Logon Account: mr636cSource Workstation: INHYIMR636CError Code: 0x0 }*

http://192.168.1.123/search?rangetype=relativefields=source%2Cmessagewidth=1920relative=3600from=to=q=mr636c#

In the exported CSV log I have only this:

*{1331892651000, 4634, Success, Security, Microsoft-Windows*

Is there any way to fix this?

Thanks a lot
Mark
[graylog2] how to keep the log message in one field?
Hello,

I'm having a problem with a Graylog and nxlog feed. I have a huge archive of Windows event logs, and I have been trying to import these logs into Graylog using nxlog and GELF.

It all works well: nxlog picks up the logs and imports them, but the messages are being split into several records rather than a single one.

For example, if the event log contains the following:

*{1331892664000, 4624, Success, Security, Microsoft-Windows-Security-Auditing, An account was successfully logged on.*
*Subject:*
* Security ID: S-1-0-0*
* Account Name: -*
* Account Domain: -*
* Logon ID: 0x0*
*Logon Type: 3*
*This event is generated when a logon session is created. It is generated on the computer that was accessed.*
*Key length indicates the length of the generated session key. This will be 0 if no session key was requested. }*

It gets loaded into Graylog as:

Record 1: *{1331892664000, 4624, Success, Security, Microsoft-Windows-Security-Auditing, An account was successfully logged on.*
Record 2: *Subject*
Record 3: *Security ID: S-1-0-0*
etc. etc.

I just would like to have all the message stored in one record. Do you have any idea how this could be achieved?

Thanks!
Mark
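
The record layout quoted in the message above (an opening "{", five comma-separated header fields, free text, a closing "}") can be reassembled into one event per record before it is shipped. The following is an added example, not code from the thread or from the Graylog or NXLog projects: it builds one GELF 1.1 payload per event with the complete text in full_message. It assumes every record starts with "{" at the beginning of a line and ends with "}" at the end of a line; the host value and the "_"-prefixed field names are placeholders, and the sample input is constructed from the events in the post.

```python
import re

# Record header as shown in the post: {epoch ms, event id, result, channel, provider, text ...
HEADER = re.compile(r"^\{(\d+), (\d+), ([^,]+), ([^,]+), ([^,]+), (.*)$", re.S)

def reassemble(lines):
    """Yield one string per '{' ... '}' record from physical lines."""
    buf = []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("{") and buf:
            yield "\n".join(buf)          # previous record never closed
            buf = []
        if not buf and not line.startswith("{"):
            continue                      # text outside any record
        buf.append(line)
        if line.rstrip().endswith("}"):
            yield "\n".join(buf)
            buf = []
    if buf:
        yield "\n".join(buf)              # truncated last record

def to_gelf(record, host="archive-import"):  # host is a placeholder
    m = HEADER.match(record)
    if m is None:
        raise ValueError("unrecognised record header")
    ts_ms, event_id, result, channel, provider, text = m.groups()
    body = re.sub(r"\s*\}\s*$", "", text).rstrip()   # drop the closing brace
    return {
        "version": "1.1", "host": host,
        "short_message": body.splitlines()[0] if body else "",
        "full_message": body,             # whole event text in one field
        "timestamp": int(ts_ms) / 1000,   # GELF timestamps are in seconds
        "_event_id": int(event_id), "_result": result,
        "_channel": channel, "_provider": provider,
    }

def load(text):
    return [to_gelf(r) for r in reassemble(text.splitlines())]

# Constructed sample, based on the events quoted in the post.
SAMPLE = """\
{1331892664000, 4624, Success, Security, Microsoft-Windows-Security-Auditing, An account was successfully logged on.
Subject:
 Security ID: S-1-0-0
Logon Type: 3
}
{1331892651000, 4776, Success, Security, Microsoft-Windows-Security-Auditing, The computer attempted to validate the credentials for an account. }
"""
```

Calling load(SAMPLE) returns two dictionaries, one per event, each ready to be serialised with json.dumps and sent to a GELF input.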