[graylog2] Re: Sum values from squid field

2016-09-15 Thread Daniel Reif
thanks man, now kibana is working :)

On Wednesday, 14 September 2016 20:05:39 UTC-3, Michael Anthon 
wrote:
>
> Hi Daniel,
> In fact the only setting I have in that file is this
> elasticsearch.url: "http://127.0.0.1:9200"
>
> This is actually causing issues with the way graylog configures the 
> elasticsearch listener but changing this address to the local interface's 
> network address should fix that.
>
> That URL should be the only setting required to make Kibana work out of 
> the box.  Have a look 
> in /opt/graylog/elasticsearch/config/elasticsearch.yml for the 
> "network.host" and "http.port" settings to see how graylog has configured 
> the elasticsearch listener
>
> You can install Kibana on any machine that has network access to the 
> elasticsearch cluster
>
>
> On Thursday, 15 September 2016 04:10:05 UTC+10, Daniel Reif wrote:
>>
>> Michael Anthon, 
>> *Could you publish your kibana.yml? I am unable to get Kibana to find my 
>> ElasticSearch cluster and load messages.*
>> On Wednesday, 14 September 2016 03:17:44 UTC-3, Michael Anthon 
>> wrote:
>>>
>>> No, you point Kibana at the elasticsearch instance and it "just works". 
>>>  There is an option in the Kibana to reload the fields from the indexes in 
>>> case they get messed up (sometimes happens when you change the field 
>>> extractors in a way that changes the types)
>>>
>>> On Friday, 9 September 2016 14:52:41 UTC+10, Aykisn wrote:

>>>> Hello Michael,
>>>>
>>>> I'm really interested in this, have been looking for this feature since 
>>>> graylog doesn't support it (yet).
>>>> I have a question though, do you need to recreate the fields on kibana ?
>>>>
>>>> Thanks.

>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/08bfea12-63e9-47c5-839c-aeaf5f953f79%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Re: Sum values from squid field

2016-09-14 Thread Michael Anthon
Hi Daniel,
In fact the only setting I have in that file is this
elasticsearch.url: "http://127.0.0.1:9200"

This is actually causing issues with the way graylog configures the 
elasticsearch listener but changing this address to the local interface's 
network address should fix that.

That URL should be the only setting required to make Kibana work out of the 
box.  Have a look in /opt/graylog/elasticsearch/config/elasticsearch.yml 
for the "network.host" and "http.port" settings to see how graylog has 
configured the elasticsearch listener

You can install Kibana on any machine that has network access to the 
elasticsearch cluster


On Thursday, 15 September 2016 04:10:05 UTC+10, Daniel Reif wrote:
>
> Michael Anthon, 
> *Could you publish your kibana.yml? I am unable to get Kibana to find my 
> ElasticSearch cluster and load messages.*
> On Wednesday, 14 September 2016 03:17:44 UTC-3, Michael Anthon 
> wrote:
>>
>> No, you point Kibana at the elasticsearch instance and it "just works". 
>>  There is an option in the Kibana to reload the fields from the indexes in 
>> case they get messed up (sometimes happens when you change the field 
>> extractors in a way that changes the types)
>>
>> On Friday, 9 September 2016 14:52:41 UTC+10, Aykisn wrote:
>>>
>>> Hello Michael,
>>>
>>> I'm really interested in this, have been looking for this feature since 
>>> graylog doesn't support it (yet).
>>> I have a question though, do you need to recreate the fields on kibana ?
>>>
>>> Thanks.
>>>
>>



[graylog2] Re: Sum values from squid field

2016-09-14 Thread Daniel Reif
Michael Anthon, 
*Could you publish your kibana.yml? I am unable to get Kibana to find my 
ElasticSearch cluster and load messages.*
On Wednesday, 14 September 2016 03:17:44 UTC-3, Michael Anthon 
wrote:
>
> No, you point Kibana at the elasticsearch instance and it "just works". 
>  There is an option in the Kibana to reload the fields from the indexes in 
> case they get messed up (sometimes happens when you change the field 
> extractors in a way that changes the types)
>
> On Friday, 9 September 2016 14:52:41 UTC+10, Aykisn wrote:
>>
>> Hello Michael,
>>
>> I'm really interested in this, have been looking for this feature since 
>> graylog doesn't support it (yet).
>> I have a question though, do you need to recreate the fields on kibana ?
>>
>> Thanks.
>>
>



[graylog2] Re: Sum values from squid field

2016-09-14 Thread Aykisn
Yeah it's working fine, thanks.
Do you happen to use the maps in kibana too by any chance ?



[graylog2] Re: Sum values from squid field

2016-09-13 Thread Michael Anthon
No, you point Kibana at the elasticsearch instance and it "just works". 
 There is an option in the Kibana to reload the fields from the indexes in 
case they get messed up (sometimes happens when you change the field 
extractors in a way that changes the types)

On Friday, 9 September 2016 14:52:41 UTC+10, Aykisn wrote:
>
> Hello Michael,
>
> I'm really interested in this, have been looking for this feature since 
> graylog doesn't support it (yet).
> I have a question though, do you need to recreate the fields on kibana ?
>
> Thanks.
>



[graylog2] Re: Sum values from squid field

2016-09-08 Thread Aykisn
Hello Michael,

I'm really interested in this, have been looking for this feature since 
graylog doesn't support it (yet).
I have a question though, do you need to recreate the fields on kibana ?

Thanks.



[graylog2] Re: Sum values from squid field

2016-09-08 Thread Michael Anthon


Just out of interest I have created a report that groups by user_id and 
aggregates the data volume (Bytes Sent) from our IIS logs that are fed into 
Graylog.  Only took a few minutes...




On Friday, 9 September 2016 08:59:44 UTC+10, Michael Anthon wrote:
>
> I'm not sure if this can be done with graylog directly but if you install 
> Kibana somewhere and point it at your graylog elasticsearch instance you 
> can do some pretty amazing aggregations and reports.  The visualisation 
> feature in Kibana is fantastic for this kind of thing
>
> On Friday, 9 September 2016 03:17:15 UTC+10, Daniel Reif wrote:
>>
>> Hello,
>> I managed to get the logs coming from the squid using drools and sending 
>> logs through graylog-sidecar. The output was as the image below:
>>
>>
>>
>> As you can see I created the _size field, is there any way to add the 
>> values of this field?
>>
>> My idea is to show how much each user consumed
>>
>>
>> Tks
>>
>> Daniel William Reif
>>
>>
>>
>>



[graylog2] Re: Sum values from squid field

2016-09-08 Thread Michael Anthon
I'm not sure if this can be done with graylog directly but if you install 
Kibana somewhere and point it at your graylog elasticsearch instance you 
can do some pretty amazing aggregations and reports.  The visualisation 
feature in Kibana is fantastic for this kind of thing

On Friday, 9 September 2016 03:17:15 UTC+10, Daniel Reif wrote:
>
> Hello,
> I managed to get the logs coming from the squid using drools and sending 
> logs through graylog-sidecar. The output was as the image below:
>
>
>
> As you can see I created the _size field, is there any way to add the 
> values of this field?
>
> My idea is to show how much each user consumed
>
>
> Tks
>
> Daniel William Reif
>
>
>
>

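
The per-user total asked about in this thread, written as the kind of terms-plus-sum Elasticsearch aggregation that Kibana visualisations issue, with a local equivalent for exported messages (an added example, not part of the original posts). The `squid_user` field name and all sample data are assumptions; `_size` is the field named in the question and has to be mapped as a number in Elasticsearch for `sum` to work.

```python
from collections import defaultdict

def build_usage_query(user_field, size_field, top_n=20):
    """Request body for _search: one bucket per user, summing size_field."""
    return {
        "size": 0,  # return aggregation results only, no individual hits
        "aggs": {"per_user": {
            "terms": {"field": user_field, "size": top_n,
                      "order": {"total_bytes": "desc"}},
            "aggs": {"total_bytes": {"sum": {"field": size_field}}},
        }},
    }

def parse_usage(response):
    """Aggregation response -> [(user, total_bytes, request_count), ...]."""
    buckets = response["aggregations"]["per_user"]["buckets"]
    return [(b["key"], int(b["total_bytes"]["value"]), b["doc_count"])
            for b in buckets]

def sum_locally(docs, user_field, size_field):
    """Same grouping over exported messages; returns (totals, skipped).
    Messages with no user or a non-numeric size are counted as skipped,
    which exposes extractor/type problems instead of hiding them."""
    totals, skipped = defaultdict(int), 0
    for doc in docs:
        try:
            user, size = doc[user_field], int(doc[size_field])
        except (KeyError, TypeError, ValueError):
            skipped += 1
            continue
        totals[user] += size
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True), skipped

# Constructed sample data (not taken from the thread).
SAMPLE_RESPONSE = {"aggregations": {"per_user": {"buckets": [
    {"key": "alice", "doc_count": 2, "total_bytes": {"value": 2000.0}},
    {"key": "bob", "doc_count": 1, "total_bytes": {"value": 300.0}},
]}}}
SAMPLE_DOCS = [
    {"squid_user": "alice", "_size": 1200},
    {"squid_user": "bob", "_size": "300"},
    {"squid_user": "alice", "_size": 800},
    {"squid_user": "bob", "_size": "-"},   # size was not extracted as a number
    {"_size": 50},                         # no user on the message
]

if __name__ == "__main__":
    print(build_usage_query("squid_user", "_size"))
    print(parse_usage(SAMPLE_RESPONSE))
    print(sum_locally(SAMPLE_DOCS, "squid_user", "_size"))
```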