[graylog2] Process buffer full in 2 node cluster

Hi, I'm running Graylog 2.0.0-rc.1 in a 2 node cluster. First node is primary running all services. Second node is configured as backend. When the secondary node is down, the primary can output around 8k messages per second. Once the secondary node is up and running the output will get down

[graylog2] Re: 2.0 performance and possibly timeout problems

Nevermind i think i fixed it found the setting # Start server with --statistics flag to see buffer utilization. # Must be a power of 2. (512, 1024, 2048, ...) ring_size = 65536 and modified it to be 8192 seems to be processing events much better. On Friday, April 29, 2016 at 2:40:51 PM UTC-7,

[graylog2] 2.0 performance and possibly timeout problems

Hello, I was wondering if anyone encountered this problem after upgrading from 1.0 to 2.0 I have a 1node cluster running elasticsearch and greylog on the same box w/ 64gb of memory 12 cores 4ssd in raid. I figured out most of the problems after the upgrade but im having odd performance issues

[graylog2] Message truncated, WEF, nxlog, Graylog

I'm using Windows Event Forwarding (WEF) to collect the events on one server and then forward then using nxlog to Graylog. The default input, extractors are used but the problem is the messages are truncated (I'm not seing the data that is needed):

[graylog2] Re: How To Handle Messages With Incorrect Formats

Thank you Jochen. At first, I didn't understand the purpose of this approach. But I've since taken your suggestion and are now sending the Aruba syslog messages into a raw/plaintext input. I've since been able to apply grok patterns to extract data. At first this was confusing to me because I

Re: [graylog2] Re: Unable to start graylog-2.0.0-1.ova using oracle vm box in windows server 2008 R2 standard

Hi Nikhil, looks like you didn't enable hardware virtualization in the bios of your server? Also make sure that the host is a 64bit system. Cheers, Marius On 29 April 2016 at 18:59, nikhil shetty wrote: > I tried that as well , if I provide more than 3000 mb i get

Re: [graylog2] Re: Unable to start graylog-2.0.0-1.ova using oracle vm box in windows server 2008 R2 standard

I tried that as well , if I provide more than 3000 mb i get below error during startup and the vm window disappears VT-x is not available (VERR_VMX_NO_VMX). Result Code: E_FAIL (0x80004005) Component: ConsoleWrap Interface: IConsole {872da645-4a9b-1727-bee2-5585105b9eed} On Fri, Apr 29,

[graylog2] Re: Elasticsearch 2.0.0-5 Client announcing wrong URI

Those changes were made before I created this topic, so the log in my initial post was still accurate. But here's the weird part... I created the SSH tunnel which allowed the connection to the ES node to come up, which was a temporary workaround, but did the job. Then last night I was

[graylog2] Re: [Upgrade] 1.3.4 to 2.0

Thanks Jochen for quick response. I look forward to the manual upgrade documentation. Would you drop a note here when that is ready or if there is any page I can monitor, it would be great. Thanks On Friday, April 29, 2016 at 10:54:40 AM UTC-4, 123Dev wrote: > > Hi Jochen, > > Any advice on

[graylog2] Re: [Upgrade] 1.3.4 to 2.0

Hi, upgrading the OVAs and AMIs (which both are using the Graylog omnibus package) is currently not supported. We're currently working on some documentation for manually upgrading those virtual machine images in an existing setup. Cheers, Jochen On Friday, 29 April 2016 16:54:40 UTC+2,

Re: [graylog2] Re: Unable to start graylog-2.0.0-1.ova using oracle vm box in windows server 2008 R2 standard

Hi Nikhil, try providing a little bit more memory (minimum 4 GB) for the virtual machine. Cheers, Jochen On Friday, 29 April 2016 17:00:07 UTC+2, nikhil shetty wrote: > > Hi Jochen , > > Thanks for taking time for this . > > Below is the setting > > base memeory - 3000mb > boot order - hard

[graylog2] Re: [Upgrade] 1.3.4 to 2.0

Hi Jochen, Any advice on upgrading AWS image based 1.3 deployment to 2.0? The cluster is made of two Graylog Servers, two datanode servers and one web portal (ES running on Graylog Servers and Datanode Servers, MongoDB running on GS Servers). Should one be upgrading ES and MongoDB on each

Re: [graylog2] Re: Unable to start graylog-2.0.0-1.ova using oracle vm box in windows server 2008 R2 standard

Hi Jochen , Thanks for taking time for this . Below is the setting base memeory - 3000mb boot order - hard disk chipset - ICH9 Extended feature - Enable I/O APIC We copied the OVA and VM into the server and , after that started the oracle vm and below steps we double clicked the graylog ova

[graylog2] Re: Permission denied while trying to launch graylog-server

Hi Boris, if you have the same error message you didn't fix the issue. Cheers, Jochen On Friday, 29 April 2016 13:54:08 UTC+2, Boris Rousseau wrote: > > Hi Jochen, > > It does not change anything ! > Still having same errors ... > > cheers, > Boris > > Le vendredi 29 avril 2016 12:19:32 UTC+2,

[graylog2] Re: How to access field value in pipeline rules

Jochen- The rule works now thanks to your clarifications, but now I've got a new question: When I apply the pipeline with that rule to the App 1 stream (matches exactly on "source: app 1"), it doesn't forward anything to my tomcat stream. Even when I set the condition to true to let

[graylog2] Re: Permission denied while trying to launch graylog-server

Hi Jochen, It does not change anything ! Still having same errors ... cheers, Boris Le vendredi 29 avril 2016 12:19:32 UTC+2, Jochen Schalanda a écrit : > > Hi Boris, > > the error message is kind of swamped by the other messages, but this is > the relevant one: > > ESC[32mgraylog_1 |

[graylog2] Re: Permission denied while trying to launch graylog-server

Hi Boris, the error message is kind of swamped by the other messages, but this is the relevant one: ESC[32mgraylog_1 | ESC[0m ESC[32mgraylog_1 | ESC[0m321) Error injecting constructor, java.io.IOException: Permission denied ESC[32mgraylog_1 | ESC[0m at

[graylog2] Re: Elasticsearch 2.0.0-5 Client announcing wrong URI

Hi Bryan, if you don't tell us exactly what you've changed and what the error message was after the change, we can't possibly help you. Cheers, Jochen On Thursday, 28 April 2016 17:26:16 UTC+2, Bryan Vukich wrote: > > Hello Jochen, > > I have elasticsearch_network_host,

[graylog2] Re: How to access field value in pipeline rules

Hi Ross, you need to tell the route_to_stream function whether you're specifying the *stream id* or the *stream name*, see

[graylog2] Re: Permission denied while trying to launch graylog-server

Hi Boris, could you please post the complete error log that Docker outputs? Cheers, Jochen On Friday, 29 April 2016 08:45:28 UTC+2, Boris Rousseau wrote: > > Hello, > > I followed this instructions to launch graylog server with docker-compose > https://hub.docker.com/r/graylog2/server/ > >

[graylog2] Re: How To Handle Messages With Incorrect Formats

Hi Jacob, you can use a Raw/Plaintext TCP or UDP input for this and extract the required information via some extractors, see http://docs.graylog.org/en/2.0/pages/extractors.html for details. Cheers, Jochen On Friday, 29 April 2016 03:49:56 UTC+2, Jacob wrote: > > Hello, > > I'm have a

[graylog2] Re: Unable to start graylog-2.0.0-1.ova using oracle vm box in windows server 2008 R2 standard

Hi Nikhil, how exactly did you set up the virtual machine (all settings) and how exactly did you import the provided OVA into VirtualBox? Cheers, Jochen On Friday, 29 April 2016 01:37:32 UTC+2, nikhil shetty wrote: > > Hi , > > I am trying to start graylog-2.0.0-1.ova using Oracle >

[graylog2] Re: How to access field value in pipeline rules

Hi Ross, this should work: to_string($message.tag) == "tomcat" at least my case its working On Thursday, April 28, 2016 at 11:56:25 PM UTC+3, Ross wrote: > > Hi- > > I'm trying to create a pipeline to send messages to another stream based > on the application that generated it. In the

[graylog2] Permission denied while trying to launch graylog-server

Hello, I followed this instructions to launch graylog server with docker-compose https://hub.docker.com/r/graylog2/server/ However, when I do a docker-compose up, I end up with the following error : graylog_1 | 2016-04-29 06:41:20,417 ERROR: org.graylog2.bootstrap.CmdLineTool - Guice