[graylog2] Re: Received by deleted input on outdated node?
This works well for me. I need to give a bunch of staff read access to everything in Graylog, so I have created a stream "CatchAll" with the rule simply that the message field is present. I then grant the necessary users view access on the CatchAll stream and it seems to work well. The only catch with this method has been the lack of the Search bar by default but I haven't asked anyone if this has changed in 1.1.2 (I have Admin rights). The users are used to searching via Streams so it's not an issue that I'm aware of. Hope that helps. Cheers, Pete On Wednesday, 17 June 2015 18:01:13 UTC+10, Jochen Schalanda wrote: > > Hi Mark, > > you can create a stream containing all messages (e. g. by checking for the > presence of the timestamp or message fields) and allow all users to read > that stream (but not edit it). This way users can query for all messages > (in that stream) but cannot modify anything. > > Cheers, > Jochen > > On Tuesday, 16 June 2015 19:28:08 UTC+2, Mark Moorcroft wrote: >> >> >> ALL messages are relevant to every user. And unless I don't have a firm >> grasp of Streams, I found that option unacceptable. So I set up a second VM >> with full search but no way to mess with the archived data or delete inputs >> by mistake. >> >> On Tuesday, June 16, 2015 at 1:18:53 AM UTC-7, Jochen Schalanda wrote: >>> >>> Hi Mark, >>> >>> you could probably create read-only users and assign them to a stream >>> with messages relevant to them. >>> >>> Cheers, >>> Jochen >>> >>> >>> -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: Received by deleted input on outdated node?
Hi Mark, you can create a stream containing all messages (e. g. by checking for the presence of the timestamp or message fields) and allow all users to read that stream (but not edit it). This way users can query for all messages (in that stream) but cannot modify anything. Cheers, Jochen On Tuesday, 16 June 2015 19:28:08 UTC+2, Mark Moorcroft wrote: > > > ALL messages are relevant to every user. And unless I don't have a firm > grasp of Streams, I found that option unacceptable. So I set up a second VM > with full search but no way to mess with the archived data or delete inputs > by mistake. > > On Tuesday, June 16, 2015 at 1:18:53 AM UTC-7, Jochen Schalanda wrote: >> >> Hi Mark, >> >> you could probably create read-only users and assign them to a stream >> with messages relevant to them. >> >> Cheers, >> Jochen >> >> >> -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: Received by deleted input on outdated node?
ALL messages are relevant to every user. And unless I don't have a firm grasp of Streams, I found that option unacceptable. So I set up a second VM with full search but no way to mess with the archived data or delete inputs by mistake. On Tuesday, June 16, 2015 at 1:18:53 AM UTC-7, Jochen Schalanda wrote: > > Hi Mark, > > you could probably create read-only users and assign them to a stream with > messages relevant to them. > > Cheers, > Jochen > > > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: Received by deleted input on outdated node?
Hi Mark,
you could probably create read-only users and assign them to a stream with
messages relevant to them.
Cheers,
Jochen
On Monday, 15 June 2015 21:28:01 UTC+2, Mark Moorcroft wrote:
>
>
> And if I could link to the "master" mongoDB then obviously that would
> defeat the point of giving search ability to users without making them an
> admin on the master?
>
>
> On Monday, June 15, 2015 at 6:17:23 AM UTC-7, Jochen Schalanda wrote:
>>
>> Hi Mark,
>>
>> input configurations are being stored inside MongoDB and are linked to
>> the node ID. If your "slave" Graylog instance is either using another node
>> ID or isn't able to access the MongoDB with the input configurations,
>> you'll see the message ("deleted input on outdated node") in the web
>> interface.
>>
>> Cheers,
>> Jochen
>>
>> On Friday, 12 June 2015 21:52:50 UTC+2, Mark Moorcroft wrote:
>>>
>>> I asked this back in April and I'm still looking for an answer.
>>>
>>> I have a protected VM running graylog/mongo/elastic, and all of our
>>> actual graylog usage takes place on a slave VM due to the way user accounts
>>> work.
>>>
>>> My question is about the slave graylog log events. They all show
>>> "Received by deleted input on outdated node" presumably because none of the
>>> "inputs" are local, and the elastic index is also remote. Is this a
>>> configuration error on my part, or is this just a consequence of using this
>>> arrangement? Is there any way to have them appear with the input and node
>>> on the remote?
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: Received by deleted input on outdated node?
And if I could link to the "master" mongoDB then obviously that would
defeat the point of giving search ability to users without making them an
admin on the master?
On Monday, June 15, 2015 at 6:17:23 AM UTC-7, Jochen Schalanda wrote:
>
> Hi Mark,
>
> input configurations are being stored inside MongoDB and are linked to the
> node ID. If your "slave" Graylog instance is either using another node ID
> or isn't able to access the MongoDB with the input configurations, you'll
> see the message ("deleted input on outdated node") in the web interface.
>
> Cheers,
> Jochen
>
> On Friday, 12 June 2015 21:52:50 UTC+2, Mark Moorcroft wrote:
>>
>> I asked this back in April and I'm still looking for an answer.
>>
>> I have a protected VM running graylog/mongo/elastic, and all of our
>> actual graylog usage takes place on a slave VM due to the way user accounts
>> work.
>>
>> My question is about the slave graylog log events. They all show
>> "Received by deleted input on outdated node" presumably because none of the
>> "inputs" are local, and the elastic index is also remote. Is this a
>> configuration error on my part, or is this just a consequence of using this
>> arrangement? Is there any way to have them appear with the input and node
>> on the remote?
>>
>
--
You received this message because you are subscribed to the Google Groups
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: Received by deleted input on outdated node?
Hi Mark,
input configurations are being stored inside MongoDB and are linked to the
node ID. If your "slave" Graylog instance is either using another node ID
or isn't able to access the MongoDB with the input configurations, you'll
see the message ("deleted input on outdated node") in the web interface.
Cheers,
Jochen
On Friday, 12 June 2015 21:52:50 UTC+2, Mark Moorcroft wrote:
>
> I asked this back in April and I'm still looking for an answer.
>
> I have a protected VM running graylog/mongo/elastic, and all of our actual
> graylog usage takes place on a slave VM due to the way user accounts work.
>
> My question is about the slave graylog log events. They all show "Received
> by deleted input on outdated node" presumably because none of the "inputs"
> are local, and the elastic index is also remote. Is this a configuration
> error on my part, or is this just a consequence of using this arrangement?
> Is there any way to have them appear with the input and node on the remote?
>
--
You received this message because you are subscribed to the Google Groups
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
