Hi Al,
the "timestamp" field has to be a Date object and not a string.
Additionally, the first parameter of your set_field() call seems odd
("$timestamp" instead of "timestamp").
This rule might work, although I haven't tested it:
rule "WO-CS-RAS"
when
Hello all,
I'm attempting to switch our logging infrastructure from the ELK stack to
Graylog, but I'm running into an issue with the pipeline rules and
replacing the timestamp field. Rule below:
rule "WO-CS-RAS"
when
Hi Rohit,
check the Graylog Marketplace for GELF appenders supporting
log4net: https://marketplace.graylog.org/addons?tag=log4net
Cheers,
Jochen
On Tuesday, 7 February 2017 17:53:54 UTC+1, rohit agarwal wrote:
>
> Hi,
>
> Please help in configuring graylog on centos7 with log4net logs to be
>
Hi,
Please help in configuring graylog on centos7 with log4net logs to be
shipped from windows servers in GELF format.
Share any link or doc for the same.
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and
Hi Shrawan,
since you've asked this question multiple times already (
https://groups.google.com/d/msg/graylog2/Qev2klwPmGQ/o0bTaXuyAwAJ,
https://groups.google.com/d/msg/graylog2/G7Z3yOiqrn8/e0ISsyEuAgAJ), you
should consider buying professional support at
Hi All,
We do have JSON data in the form
{
"data": [
{
"appName": "DemoApp",
"appVersion": "1.1",
"deviceId": "1234567",
"deviceName": "moto e",
"deviceOSVersion": "5.1",
"packageName": "com.abc.DemoApp",
"message": "testing null pointer exception",
"errorLog": "null pointer exception"
},
{
Hi all,
I have questions about queries for NXLog collectors with Sidecar for Windows.
In the NXLog input configuration there are Channel and Query fields.
Could you give more specific examples for the querylist?
\
\
*\
*[System/Level=4]\
*[Application/Level=2]\
*[System/Level=3]\
*\
*\\
we need
Hum ok, the reason I want 1 system is I have services that span over the 3
sites. Please having one central location was the main objective. But maybe
one at each site may work out ok.
Thanks
On Tuesday, February 7, 2017 at 1:08:41 PM UTC, Jochen Schalanda wrote:
>
> Hi,
>
> On Tuesday, 7
Hi,
please read the documentation again:
http://docs.graylog.org/en/2.1/pages/geolocation.html#configure-the-message-processor
I've already quoted the relevant parts in my previous post.
You have to extract the information into separate fields. Currently
everything is in the "message" field.
Hi,
On Tuesday, 7 February 2017 13:46:36 UTC+1, SystemAdminUK wrote:
>
> Then at one site I have the web interface to query the data. This would
> mean I would not need to ship the logs offsite, and save on internet
> bandwidth. Is this a possible option?
>
Unfortunately that's not possible.
Here is some log for example:
---
message
192.168.99.1 date=2017-02-07 time=14:56:43 devname=PrimaryFGT
devid=FG100D3G16814848 logid=13 type=traffic subtype=forward
level=notice vd=root srcip=27.214.37.81 srcport=29770 srcintf="wan1"
Hi,
On Tuesday, 7 February 2017 13:46:47 UTC+1, CTuser wrote:
>
> Yes, of course.
> I'm getting lots of messages containing IPv4 from the FW.
>
Do they have any field that *only* contains an IPv4 address and no other
content?
Cheers,
Jochen
Hi Jochen,
Yes, of course.
I'm getting lots of messages containing IPv4 from the FW.
Hi,
I need to set up Graylog to cover 3 site locations including AWS. I'm
looking for the best way to achieve this with minimal overhead and traffic.
One option I thought could be possible is if I have a graylog database
server at each side, where the local servers send logs. Then at one site I
Hi,
Could you please explain how to make it work?
I've installed the plugin and enabled it.
Configured the pipeline as well and messages are processed in the pipeline but
nothing appears in the metrics.
*I configured the following rule:*
---
rule
Hi,
are there any other messages which exclusively contain an IPv4 or IPv6
address in the "message" field?
I'll quote
http://docs.graylog.org/en/2.1/pages/geolocation.html#configure-the-message-processor
:
That’s it, at this point Graylog will start looking for fields *containing
>
Hi,
I followed
http://docs.graylog.org/en/2.0/pages/geolocation.html#configure-geolocation
in order to apply the Geo-Location feature.
I tested it with nc -w0 <<< '8.8.8.8' and it worked.
Wow - it must be something I have then. I have noscript, ublock origin - a
bunch of stuff, but I disabled some of them to test before sending the
email - I guess I missed one.
Found it - it was Ghostery: you're using "Hubspot" which Ghostery
classifies as a "customer tracker" and blocks. Sorry,
Hi Pablo,
On Monday, 6 February 2017 19:34:38 UTC+1, Pablo Daniel Estigarribia Davyt
wrote:
>
> As I have seen, there is no standard http post input only GELF in graylog?
> Or using tcp port could be possible? (I will try this and extractor
> configuration).
>
This will probably not work
Hi Frank,
On Monday, 6 February 2017 22:49:23 UTC+1, Frank Engler wrote:
>
> Any clue what is going wrong? Why is only the Socket example working and
> the
> Syslog test isn't?
>
This shows that the appender mechanism itself is working but that either
the Syslog appender doesn't work or that
Hi Rafael,
you can use https://grokdebug.herokuapp.com/ to play around with and debug
your Grok patterns.
FWIW, you're missing a backslash to escape the parenthesis after the
timestamp.
This pattern is working:
^\[%{TIME}\.[0-9]{0,3}\]\s+\[%{WORD:loglevel}\].*
Cheers,
Jochen
On Monday,