Re: [graylog2] Re: Extractor help - domain name only

2016-07-14 Thread Zoizo
Hi, I tested your second regex (what I need is the two words, facebook.com) and it works fine when there are three or more words, and sadly doesn't when there are exactly two words (http://facebook.com for example). Is there a way to add an alternation to the regex, like, if the first regex

Re: [graylog2] Re: Extractor help - domain name only

2016-07-14 Thread Zoizo
Hi, I tried your second regex (I need the two words, yes), and it works fine! There is one problem though, it doesn't work when there are exactly two words, because it does not find the first [^/]. How can I say in the regex that the [^/] is optional, please? Thanks lots. On Thursday, July

[graylog2] Re: No Warning and Error log from Windows EventLogs, sending in via NXLog

2016-07-14 Thread Arief Hydayat
Hi everyone, Anyone could give a hand on these? Any setting that maybe I need to have a look again on the NXLog side or Graylog side? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails

Re: [graylog2] Re: Backfilling graylog with past data

2016-07-14 Thread Jason Haar
On Fri, Jul 15, 2016 at 2:50 AM, Jeremy Farr wrote:
> Jason have you noticed any issues when adding to indices that are not the currently active one?
No. My indices don't last more than an hour and I have shoved in data that was days old - so it definitely all went into

[graylog2] Re: Graylog slow processing.

2016-07-14 Thread Eric Green
On Friday, July 8, 2016 at 5:10:47 AM UTC-7, Hema Kumar wrote:
> Hi,
> I am using graylog 1.3.3 with ES 1.7.5, from yesterday we are seeing the process buffer filled up on the master node and the outgoing process is too slow than normal, I have tried restarting GL and ES but did not

Re: [graylog2] Graylog slow processing.

2016-07-14 Thread Hema Kumar
Hi Jan, I could not figure out what the actual cause was. Only 1 node (Master) is causing this problem. I tried removing a few extractors but it did not help. As the 2.0 upgrade is not possible now, I upgraded to 1.3.4, but to no use. Messages are pouring in and the output rate is too low, Only the process

[graylog2] Re: Trouble Receiving Syslog Messages

2016-07-14 Thread Nathan Mace
I got it working, turns out the sending syslog service takes a few minutes to start and I was just being impatient. That said, how do I add the Raw/Plaintext input? I understand how to add an input generally, but not one that is specifically for plain text. Thanks! Nathan On Wednesday, July

[graylog2] Re: Graylog indexes

2016-07-14 Thread Henrique Ferreira
ok, thanks
On Thursday, July 14, 2016 at 11:56:32 AM UTC-3, Jochen Schalanda wrote:
> Hi Henrique,
>
> that's not possible with Graylog.
>
> What you can do, though, is create a separate stream for each of your servers by filtering on the "source" field of the ingested messages.
>
> Please

[graylog2] Re: Backfilling graylog with past data

2016-07-14 Thread Jeremy Farr
Thank you Jochen.
On Wednesday, July 13, 2016 at 2:14:45 AM UTC-5, Jochen Schalanda wrote:
> Hi Jeremy,
>
> you can use Logstash or Filebeat (or any other log shipper) to backfill data into Graylog, too. Simply point it to the file (or source) you want to use as an input and use a GELF

Re: [graylog2] Re: Backfilling graylog with past data

2016-07-14 Thread Jeremy Farr
Jason have you noticed any issues when adding to indices that are not the currently active one?
On Thursday, July 14, 2016 at 2:35:26 AM UTC-5, Jason Haar wrote:
> On Wed, Jul 13, 2016 at 7:14 PM, Jochen Schalanda wrote:
>> Simply point it to the file (or source)

[graylog2] Re: Graylog indexes

2016-07-14 Thread Jochen Schalanda
Hi Henrique, that's not possible with Graylog. What you can do, though, is create a separate stream for each of your servers by filtering on the "source" field of the ingested messages. Please refer to http://docs.graylog.org/en/2.0/pages/streams.html for more information about streams.

[graylog2] Re: Plugin Development: POM for org.graylog.plugins:usage-statistics is missing

2016-07-14 Thread cazy
For anyone interested in a (dirty) workaround: I checked out version 2.0.0 of the usage statistics plugin and modified the version in the POM adding "-SNAPSHOT". After mvn install, I was able to build my plugin.

[graylog2] Dashboard Widget, Display Status

2016-07-14 Thread Richard Poole
Hi, I'm looking for a way to display in a dashboard the status of a batch process that runs over several systems. Each system can produce a log entry that we can change and push to Graylog. I was hoping I could filter using a stream and present in a dashboard the last value for the status log

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-14 Thread Arief Hydayat
Hi Jochen, I see. Thanks for your reply. Anyway since I set Graylog to receive message from 5 sources (3 Windows server and 2 network devices) that Elasticsearch cluster health keep appearing.
On Thu, Jul 14, 2016 at 3:16 PM, Jochen Schalanda wrote:
> Hi Arief,
>
> the OVA

Re: [graylog2] Re: Extractor help - domain name only

2016-07-14 Thread Zoizo
Thanks a whole lot. I will try that at work tomorrow and update.

Re: [graylog2] Re: Extractor help - domain name only

2016-07-14 Thread Jason Haar
On Wed, Jul 13, 2016 at 10:57 PM, Zoizo wrote:
> Well I'm a moron and forgot domain names could have more than two words too so, I'm kinda lost as to what I can do here ^^'
Try a regex like "GET [a-z]+?://[^\.]+\.([^/]+)/"
On "facebook.com" that would match "com".

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-14 Thread Jochen Schalanda
Hi Arief, running graylog-ctl reconfigure will recreate the configuration file from our templates and reset your changes. Cheers, Jochen
On Thursday, 14 July 2016 04:45:43 UTC+2, Arief Hydayat wrote:
> Hi Jochen,
>
> OK I give a try on that.
>
> *ubuntu@graylog:~$ cat

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-14 Thread Jochen Schalanda
Hi Arief, the OVA is suited for small production setups. For the "real deal", we recommend setting up the components yourself (to be able to tweak them according to your use cases) using the official OS packages (DEB, RPM)

[graylog2] Re: How to deal with Journal Utilization is too high?

2016-07-14 Thread Jochen Schalanda
Hi Arief, the output_batch_size and output_flush_interval settings can be configured in Graylog's configuration file, and