[graylog2] Re: exporting data from searches not working properly

2015-06-01 Thread graylogtesting
Hello

Found the issue as well: only the message is exported by default, so I had 
to create an extractor to override the default message with the full 
message.

I used the split and index, using { as the splitting character

Thanks!
Mark
  

On Sunday, May 31, 2015 at 1:49:07 AM UTC+10, graylog...@gmail.com wrote:

 Hello 

 I'm using the production OVA (not the beta) of Graylog

 I noticed that when I try to export the results of a search, the message 
 field is truncated, see example below:

 The full message is full_message





 *{1331892651000, 4776, Success, Security, 
 Microsoft-Windows-Security-Auditing, The computer attempted to validate 
 the credentials for an account.Authentication Package: 
 MICROSOFT_AUTHENTICATION_PACKAGE_V1_0Logon Account: mr636cSource 
 Workstation: INHYIMR636CError Code: 0x0 }* 
 http://192.168.1.123/search?rangetype=relativefields=source%2Cmessagewidth=1920relative=3600from=to=q=mr636c#
 In the exported CSV log I have only this:

 *{1331892651000, 4634, Success, Security, Microsoft-Windows*

 Is there any way to fix this?

 Thanks a lot
 Mark


-- 
You received this message because you are subscribed to the Google Groups 
graylog2 group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Re: how to keep the log message in one field?

2015-06-01 Thread graylogtesting
Hello

Thanks for info but my case is different (I think!) 
If I'm not wrong your configuration for NXLOG is to fetch live eventlogs, 

in my case I have a huge archive (5TB) of windows logs that have been 
already exported as text file, so I'm not accessing the live eventlogs on a 
windows system.


Best regards
Mark



On Sunday, May 31, 2015 at 1:49:06 AM UTC+10, graylog...@gmail.com wrote:

 Hello

 I'm having a problem with graylog and nxlog feed 

 I have a huge archive of windows event logs, I have been trying to import 
 these logs into graylog using nxlog and gelf

 It all works well, nxlog picks up the logs and imports them but the messages 
 are being split in several records rather than a single one, 


 Example: if the event log contains the following


 *{1331892664000, 4624, Success, Security, 
 Microsoft-Windows-Security-Auditing, An account was successfully logged 
 on.*

 *Subject:*
 * Security ID: S-1-0-0*
 * Account Name: -*
 * Account Domain: -*
 * Logon ID: 0x0*

 *Logon Type: 3*


 *This event is generated when a logon session is created. It is generated 
 on the computer that was accessed.*

 *Key length indicates the length of the generated session key. This will 
 be 0 if no session key was requested. }  *


 It gets loaded into graylog as:

 Record 1: *{1331892664000, 4624, Success, Security, 
 Microsoft-Windows-Security-Auditing, An account was successfully logged 
 on.*
 Record 2: *Subject*
 Record 3*: **Security ID: S-1-0-0*

 etc.
 etc


 I just would like to have all the message stored in one record

 Do you have any idea how this could be achieved?

 Thanks!
 Mark









[graylog2] exporting data from searches not working properly

2015-05-30 Thread graylogtesting
Hello 

I'm using the production OVA (not the beta) of Graylog

I noticed that when I try to export the results of a search, the message 
field is truncated, see example below:

The full message is full_message





*{1331892651000, 4776, Success, Security, 
Microsoft-Windows-Security-Auditing, The computer attempted to validate 
the credentials for an account.Authentication Package: 
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0Logon Account: mr636cSource 
Workstation: INHYIMR636CError Code: 0x0 }* 
http://192.168.1.123/search?rangetype=relativefields=source%2Cmessagewidth=1920relative=3600from=to=q=mr636c#
In the exported CSV log I have only this:

*{1331892651000, 4634, Success, Security, Microsoft-Windows*

Is there any way to fix this?

Thanks a lot
Mark



[graylog2] how to keep the log message in one field?

2015-05-30 Thread graylogtesting
Hello

I'm having a problem with graylog and nxlog feed 

I have a huge archive of windows event logs, I have been trying to import 
these logs into graylog using nxlog and gelf

It all works well, nxlog picks up the logs and imports them but the messages 
are being split in several records rather than a single one, 


Example: if the event log contains the following


*{1331892664000, 4624, Success, Security, 
Microsoft-Windows-Security-Auditing, An account was successfully logged 
on.*

*Subject:*
* Security ID: S-1-0-0*
* Account Name: -*
* Account Domain: -*
* Logon ID: 0x0*

*Logon Type: 3*


*This event is generated when a logon session is created. It is generated 
on the computer that was accessed.*

*Key length indicates the length of the generated session key. This will be 
0 if no session key was requested. }  *


It gets loaded into graylog as:

Record 1: *{1331892664000, 4624, Success, Security, 
Microsoft-Windows-Security-Auditing, An account was successfully logged 
on.*
Record 2: *Subject*
Record 3*: **Security ID: S-1-0-0*

etc.
etc


I just would like to have all the message stored in one record

Do you have any idea how this could be achieved?

Thanks!
Mark
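
Added example, not part of the original posts and not nxlog or Graylog code: a pre-processing sketch that regroups the physical lines of such an exported text archive into one record per event before shipping, and flags events that were cut off. The names `reassemble` and `parse_event` are hypothetical, and the framing rule (a record opens with "{<epoch ms>, <event id>, " and closes on a line ending in "}") is an assumption taken from the samples quoted in this thread.

```python
import re
from datetime import datetime, timezone

# Assumed framing, taken from the samples in this thread: a record opens with
# "{<epoch ms>, <event id>, " and closes on a line whose last character is "}".
HEADER = re.compile(r"^\{\d{10,}, \d+, ")

def reassemble(lines):
    """Group physical lines into whole events; return (records, orphans)."""
    records, orphans, buf = [], [], None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if HEADER.match(line):
            if buf is not None:              # previous event never closed
                orphans.append("\n".join(buf))
            buf = [line]
        elif buf is None:                    # text outside any event
            if line.strip():
                orphans.append(line)
            continue
        else:
            buf.append(line)
        if line.rstrip().endswith("}"):      # closing brace ends the event
            records.append("\n".join(buf))
            buf = None
    if buf is not None:                      # input ended mid-event
        orphans.append("\n".join(buf))
    return records, orphans

def parse_event(record):
    """Split the five header fields; keep the remainder whole as full_message."""
    body = record.strip()[1:-1].strip()      # drop the enclosing braces
    ts, event_id, status, log, provider, message = body.split(", ", 5)
    return {
        "timestamp": datetime.fromtimestamp(int(ts) / 1000, tz=timezone.utc),
        "event_id": int(event_id), "status": status, "log": log, "provider": provider,
        "short_message": message.splitlines()[0], "full_message": message,
    }

# Constructed sample, shortened from the events quoted in this thread.
SAMPLE = """\
{1331892664000, 4624, Success, Security, Microsoft-Windows-Security-Auditing, An account was successfully logged on.
Subject:
 Security ID: S-1-0-0
Logon Type: 3
Key length indicates the length of the generated session key. }
{1331892651000, 4776, Success, Security, Microsoft-Windows-Security-Auditing, The computer attempted to validate the credentials for an account. }
{1331892651000, 4634, Success, Security, Microsoft-Windows
"""
```

Records returned in `orphans` are events that never reached their closing brace, which is worth counting during an import so that silently truncated audit events are noticed rather than indexed as fragments.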




