Re: [graylog2] Re: Can't Show received messages from NetFlow input

2016-11-14 Thread Arief Hydayat
> > > On Monday, August 15, 2016 at 3:25:09 PM UTC+6, Arief Hydayat wrote: >> >> Hi everyone, >> >> anyone can help me on these? I tried to put the time range but still >> returns me "Nothing found" >> As per incoming messages I saw alre

Re: [graylog2] Re: Can't Show received messages from NetFlow input

2016-11-14 Thread Arief Hydayat
send test Netflow data with paessler netflow generator. > This works. The data could be displayed. > > Best regards > Martin > > > On Monday, August 15, 2016 at 11:25:09 AM UTC+2, Arief Hydayat wrote: > >> Hi everyone, >> >> anyone can help me on these? I

Re: [graylog2] Re: Can't Show received messages from NetFlow input

2016-08-15 Thread Arief Hydayat
Hi everyone, anyone can help me on these? I tried to put the time range but still returns me "Nothing found" As per incoming messages I saw already reach to 4.4GB [image: Inline image 1] Is the log path for the Graylog Node is correct? Because I tried to tail -f the current log file shows

Re: [graylog2] Re: Can't Show received messages from NetFlow input

2016-08-09 Thread Arief Hydayat
Hi Jochen, Thank you so much for your reply On Mon, Aug 8, 2016 at 2:52 PM, Jochen Schalanda wrote: > Hi Arief, > > check the logs of your Graylog node(s) for errors. > Sorry, is the Graylog node log same as Graylog server log under these file

[graylog2] Re: Can't Show received messages from NetFlow input

2016-08-07 Thread Arief Hydayat
Hi everyone, Anyone can help me on these matter? Thank you :-) On Friday, August 5, 2016 at 5:49:09 PM UTC+8, Arief Hydayat wrote: > > Dear all, > > I'm trying to receive new input from NetFlow UDP. The plugin for NetFlow > support already install as the guide from here >

[graylog2] Can't Show received messages from NetFlow input

2016-08-05 Thread Arief Hydayat
Dear all, I'm trying to receive new input from NetFlow UDP. The plugin for NetFlow support already install as the guide from here . So I setup new NetFlow UDP input and sending its log from NetFlow. I can see the message coming in already:

[graylog2] Re: Get notice/next action from the Dashboard for message that we need (Warning, Error & Critical messages)

2016-08-02 Thread Arief Hydayat
On Monday, August 1, 2016 at 3:55:04 PM UTC+8, Aykisn wrote: > > You can't display logs in dashboard with graylog. So yeah if you want to > see what those warning logs are, you will need to use a query (don't know > what you meant by "1 by 1"though). > Hi Aykisn, I mean 1 by 1 like I did above.

[graylog2] Re: Highly utilize RAM. Any option to reduce it?

2016-08-02 Thread Arief Hydayat
on the separate machine I mean need to apply HA? On Monday, August 1, 2016 at 12:02:58 PM UTC+8, Arief Hydayat wrote: > > Hi Jochen, > > Thanks for your reply. Yes, I'm still using and running the OVA appliance > for testing. *I see.. so by right the those 3 components need to deploy >

[graylog2] Re: Highly utilize RAM. Any option to reduce it?

2016-08-01 Thread Arief Hydayat
Hi Jochen, Sorry for that, my bad. I'm asking about problems with the memory consumption in the virtual machine. The Graylog VM (that I deploy using OVA). -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and

[graylog2] Re: Filtering needed log message only (via Stream), and setup an alert

2016-08-01 Thread Arief Hydayat
Hi Jochen, OK noted. Let me give a try first. I create an alert: Then after 5 minutes I receive the email alert from Graylog: ## Alert Description: Stream had 500 messages in the last 5 minutes with trigger condition more than 1 messages. (Current grace time: 0 minutes) Date:

[graylog2] Re: Highly utilize RAM. Any option to reduce it?

2016-08-01 Thread Arief Hydayat
Sorry I mean, "While the memory always flat at almost 12GB usage" Typo just now. Once again sorry.

[graylog2] Re: Highly utilize RAM. Any option to reduce it?

2016-08-01 Thread Arief Hydayat
Hi Jochen, I didn't get your point with the VM problem? Mean on the VMWare side? Usually what kind of problem is it? So far just sometimes the CPU load become high While the memory always at almost 12GB usage OK, mean better I do not change the json file? If found from the link given is

[graylog2] Re: Filtering needed log message only (via Stream), and setup an alert

2016-08-01 Thread Arief Hydayat
s). What exactly do you want to achieve with the alert > condition? > > Cheers, > Jochen > > On Monday, 1 August 2016 05:55:54 UTC+2, Arief Hydayat wrote: >> >> Dear all, >> >> I'm trying to get the *Error (level: 3)* log message only for now. So I >>

[graylog2] Re: Highly utilize RAM. Any option to reduce it?

2016-07-31 Thread Arief Hydayat
Hi Jochen, Thanks for your reply. Yes, I'm still using and running the OVA appliance for testing. I see.. so by right the those 3 components need to deploy on the separate machine or how? Thank you for the link, very good read. Then may I reduce it back to 8GB and about the JVM heap setting

[graylog2] Re: Get notice/next action from the Dashboard for message that we need (Warning, Error & Critical messages)

2016-07-31 Thread Arief Hydayat
Dear all, Anyone can give an advice on these? Do I must retrieve the log message that I need via query search only or is there any other way? On Monday, July 25, 2016 at 10:52:47 PM UTC+8, Arief Hydayat wrote: > > Hi everyone, > > > First of all I would like to say many thanks f

[graylog2] Highly utilize RAM. Any option to reduce it?

2016-07-31 Thread Arief Hydayat
Dear all, I just upgrade the RAM from 8GM to 12GB but seems Graylog took a lot on it. ubuntu@graylog:~$ free -m total used free sharedbuffers cached Mem: 12015 11456 559 0 86 1661 -/+ buffers/cache: 9708

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-31 Thread Arief Hydayat
Hi Marcus, I'll look into the ElasticSearch again. Will get back to this post soon. Hm... not really understand but let me go to link that you provided. Thank you Marcus Thanks for your info about the plugin as well, I'll go and read about it as well ;-) On Friday, July 29, 2016 at 8:32:22 PM

[graylog2] Get notice/next action from the Dashboard for message that we need (Warning, Error & Critical messages)

2016-07-25 Thread Arief Hydayat
Hi everyone, First of all I would like to say many thanks for your support. Especially Jochen and Marius. I'm still exploring the Graylog. Just create a simple dashboard so that I can see the visual data. Just wondering, from the Dashboard that I've create is to sort by Level. So if I get

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-25 Thread Arief Hydayat
> > On Wednesday, 20 July 2016 11:36:06 UTC+2, Arief Hydayat wrote: >> >> Hi Jochen, >> >> Thank you for your reply. After these 5 days the disk space utilization >> increase quite high. >> /dev/dm-0 212G 78G 126G 38% / >> >> Seems n

Re: [graylog2] How to remove Graylog set-external-ip

2016-07-25 Thread Arief Hydayat
ing the line `external_rest_uri...` in > /etc/graylog/graylog-settings.json. Afterwards run graylog-ctl reconfigure. > > Cheers, > Marius > > On 25 July 2016 at 09:41, Arief Hydayat <pian.f...@gmail.com> wrote: > >> Hi everyone, >> >> Need your help. As I saw in t

[graylog2] How to remove Graylog set-external-ip

2016-07-25 Thread Arief Hydayat
Hi everyone, Need your help. As I saw in the graylog-ctl script, I found command to bind Graylog server with the external IP: sudo graylog-ctl set-external-ip http[s]://:port/ Now I need to remove that setting. How I can do that? Simply by these command? sudo graylog-ctl set-external-ip

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-20 Thread Arief Hydayat
Hi Jochen, Thank you for your reply. After these 5 days the disk space utilization increase quite high. /dev/dm-0 212G 78G 126G 38% / Seems need to add more disk or just listed server that need to send all those log to the OVA Graylog. What do you think? Anyway regarding to the

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-15 Thread Arief Hydayat
Hi Jochen, Just wondering if I continue using these current OVA with default setting in indices is 2000 Max doc per index and current disk 200GB, how many target server we can add-in to send messages to the Graylog? I think it can't handle many also, as far I check message coming from 3

[graylog2] Re: No Warning and Error log from Windows EventLogs, sending in via NXLog

2016-07-14 Thread Arief Hydayat
Hi everyone, Anyone could give a hand on these? Any setting that maybe I need to have a look again on the NXLog side or Graylog side?

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-14 Thread Arief Hydayat
lation/operating_system_packages.html> > or the official config management scripts (Puppet, Chef, Ansible > <http://docs.graylog.org/en/2.0/pages/installation/config_management_tools.html> > ). > > Cheers, > Jochen > > On Thursday, 14 July 2016 05:18:04 UTC+2,

[graylog2] Re: How to deal with Journal Utilization is too high?

2016-07-13 Thread Arief Hydayat
Hi Jochen, I see.. OK noted. I've increase the: - 4 vCPU to 6 vCPU, - 8GM Memory to 12GB Memory Those setting is under /opt/graylog/conf/graylog.conf file?

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-13 Thread Arief Hydayat
Hi Jochen, Unfortunately still gives... Elasticsearch cluster unhealthy (RED) (triggered 2 minutes ago) What else we can do? Anyway I wanted to ask is the OVA is the best practice to deploy and make it as production?

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-13 Thread Arief Hydayat
Hi Jochen, OK I give a try on that. *ubuntu@graylog:~$ cat /opt/graylog/conf/graylog.conf | grep replica# How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices.elasticsearch_replicas = 1* Then using vim editor and make

[graylog2] How to deal with Journal Utilization is too high?

2016-07-13 Thread Arief Hydayat
Hi Graylog guru and users, I need help on how to deal with the Journal Utilization is too high? As I mention in the previous topic, the Graylog I deploy is from OVA appliance and currently running on version 2.0.3 with 1 cluster node.

[graylog2] No Warning and Error log from Windows EventLogs, sending in via NXLog

2016-07-12 Thread Arief Hydayat
Hi Graylog guru and users, I've tried to send in log from few Windows Server (2008 and 2012) into Graylog server. As I found in documentation, I installed the official agent which is NXLog Community Edition to the target server. In the NXLog configuration file, I set to sending log via UDP and

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-12 Thread Arief Hydayat
Hi Jochen, Thanks for your reply. Here the output: health status index pri rep docs.count docs.deleted store.size pri.store.size yellow open graylog_9 4 121359520844.9mb 844.9mb yellow open graylog_8 4 1 200012630 7.3gb

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-11 Thread Arief Hydayat
Hi Marcus, Thanks a lot. Been few days trying and it was my bad. Suppose to be I change the localhost with the specific IP that I've been setup. the curl command that you given it's work now and I can get the return value of those command. From the curl http://localhost:9200/_cat/indices

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-01 Thread Arief Hydayat
Hi Marcus, Thanks a millions and sorry for late response. I've try your step but it gave me: curl: (7) Failed to connect to localhost port 9300: Connection refused I'm try to have a look in the .yml file under: /opt/graylog/elasticsearch/config/elasticsearch.yml and have a look on the

[graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-06-28 Thread Arief Hydayat
Hi everyone, Anyone can give a hand on this? On Wednesday, June 22, 2016 at 11:00:56 PM UTC+8, Arief Hydayat wrote: > > Hi Jochen, > > Hm.. OK. Then how could I make sure that there are no unassigned shards or > replicas in the Elasticsearch? Could you please assist me? > >

[graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-06-22 Thread Arief Hydayat
"good enough", but not ideal. Make > sure that there are no unassigned shards or replicas in your Elasticsearch > cluster. > > Cheers, > Jochen > > On Tuesday, 21 June 2016 06:39:18 UTC+2, Arief Hydayat wrote: >> >> Hi Jochen, >> >> Thanks for your r

[graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-06-20 Thread Arief Hydayat
earch node(s) for errors. You can > find the log files in the /var/log/graylog/elasticsearch (or > /var/log/elasticsearch) directory. > > Cheers, > Jochen > > On Monday, 20 June 2016 09:32:28 UTC+2, Arief Hydayat wrote: >> >> Dear Graylog users and Guru, >> >> N

[graylog2] Elasticsearch cluster unhealthy (RED)

2016-06-20 Thread Arief Hydayat
Dear Graylog users and Guru, Needed your help. As in the previous post that I mentioned, I deploy the Graylog OVA appliance v2.0.0 and the system now can receive the message nicely and the VM already upgraded to 4 vCore CPU and 8GB memory. But, today I'm facing Elasticsearch cluster unhealthy

Re: [graylog2] Re: How to properly setup in order to receive multiple Graylog message inputs?

2016-05-15 Thread Arief Hydayat
> <http://docs.graylog.org/en/2.0/pages/streams.html> - just setup e.g. one > stream per Windows machine and use the source field as filter criteria, so > you can view log events per machine. > > Best regards, tokred > > > On Friday, May 13, 2016 at 4:28:27 PM UTC+2, A

[graylog2] Re: How to properly setup in order to receive multiple Graylog message inputs?

2016-05-13 Thread Arief Hydayat
ort of one of those > inputs. > > Cheers, > Jochen > > On Friday, 13 May 2016 04:17:46 UTC+2, Arief Hydayat wrote: >> >> >> <https://lh3.googleusercontent.com/-llvbD8PXEwQ/VzU5KcGEIiI/ANM/uSsAui3a2HgbcWa7Uo0zn8na9rW_vPeowCLcB/s1600/both_inputs.