Hi,
Does anyone build some advanced drools, where you accumulate data over some
time?
Here's a nice example
http://ouce.opennms.eu/system/attachments/25/original/log_correlation.pdf
Tried to build something similar for graylog2, but no luck.
Any drool gurus here?
--
You received this
Hi,
Currently I have the following graylog server settings:
output_batch_size = 1000
output_flush_interval = 1
processbuffer_processors = 20
outputbuffer_processors = 10
processor_wait_strategy = blocking
ring_size = 2048
And radio settings:
processbuffer_processors = 20
processor_wait_strategy =
Hi,
Is it possible to have different rotation strategies for different logs?
E.g. I want to have some logs for short-term storage and alerting. And some
logs are needed for 1-2 years.
Is it doable with a single graylog-server instance or do I need several?
If it's doable with several graylog
Hi Jochen,
Thanks for answers.
I'll try different scenarios. iptables seems easiest solution ;)
On Sunday, November 2, 2014 1:05:57 PM UTC+2, Jochen Schalanda wrote:
Hi Dmitri,
But how to upgrade radio without losing any messages?
There are several ways to upgrade Graylog2 Radio
Hi,
I'm running full set of graylog2 (0.92 SNAPSHOT) - server, web interface
and radio. All works fine.
Upgrading of server is pretty easy. Just stop old version and start a new
one. No messages will be lost during server downtime, since radio is in use.
But how to upgrade radio without
Joseph,
You cannot telnet to a UDP port (your netstat shows only a udp port).
Here's my output:
$ netstat -ano | grep 12201 |grep -v ESTAB
tcp 0 0 0.0.0.0:12201 0.0.0.0:* LISTEN off (0.00/0/0)
udp 0 0 0.0.0.0:12201
Lennart,
With GL 0.20.2-final I do not have any issues with missing logs.
All events I send to graylog2 now appear correctly in elasticsearch.
thanks,
On Friday, May 23, 2014 10:01:21 PM UTC+3, lennart wrote:
Hey everybody,
the final release of Graylog2 v0.20.2 has arrived:
Hi,
Try to set *rest_transport_uri = http://127.0.0.1:12900/* in your
graylog2.conf file.
With that setting everything works for me.
On Saturday, May 24, 2014 6:05:35 PM UTC+3, Ankit Mittal wrote:
Dear Lennart,
I am currently using graylog2 V0.20.1 in my development environment and
it
Very nice,
Extractor pages could have sample messages, so I can quickly verify that
an extractor will work with my messages.
regards,
On Wednesday, May 21, 2014 3:54:19 AM UTC+3, lennart wrote:
Hey everybody,
we are happy to announce that we released the Graylog2 extractor
directory today.
?
Regards, Valle
On Tuesday, May 6, 2014 08:24:27 UTC+2, Dmitri Stoljarov wrote:
Hi,
I tried with localhost (127.0.0.1) yesterday, but no luck - I cannot
log in to the graylog webserver.
Graylog2 server has only localhosts in its configuration:
*rest_listen_uri = http://127.0.0.1:12900/
http
. On a new
hardware results were the same - not all logs are written into
elasticsearch if *output_batch_size* value is more than 1.
Do you have any ideas about this issue?
regards,
On Monday, May 5, 2014 10:14:53 PM UTC+3, Dmitri Stoljarov wrote:
Hi,
Just downloaded and installed graylog2 v
Hi,
Any estimated dates for the next release with extended logging/debugging?
On Wednesday, March 12, 2014 2:36:13 PM UTC+2, Dmitri Stoljarov wrote:
Hi,
I'm running GL 0.20.1 (web server) on one dedicated server (16x2.93GHz,
32GB RAM) and Elasticsearch (v0.90.10) on second dedicated server
Hi,
Yes, my case seems different from described.
Meanwhile I've seen some changes in GL2 git-code for additional tracing.
Once an updated GL2 is available for download, I can run new tests and
share results.
My problem is described here
Hi,
This forum covers graylog related things, not logstash. Try to ask people
from logstash forum - https://groups.google.com/forum/#!forum/logstash-users
My 2 cents about your problem:
Latest logstash uses conditions (ifelseifelse). Check logstash
documentation for proper syntax.
Also
Hi,
I have very similar symptoms with GL 0.20.1. Some messages appear in
graylog2 much later than they arrive there.
Imho, there's something strange with event buffering and ES output. I'm
just guessing on that.
Maybe the GL2 team has some ideas about that.
regards,
On Monday, March 24, 2014
In my case I'm losing messages. Even when sending 5 short events to graylog2, a
different number of logs is written to elasticsearch every time. It can be 5 sent
- 1 written, then again 5 sent - 3 written. Sometimes after sending 5 events
there are 10-20 events written (older messages from buffer?).
Debug
Awesome!
On Wednesday, March 26, 2014 12:03:08 AM UTC+2, Kay Röpke wrote:
Hi Dmitri!
I will try to build you a version with improved logging tomorrow.
This seems generally useful as we should be able to figure this out
without custom versions, of course.
Any news/ideas about issue with missing logs?
On Thursday, March 13, 2014 10:16:03 AM UTC+2, Dmitri Stoljarov wrote:
Hi,
I don't have any drools or extractors configured.
Here's debug output (http://dimka.ee/foo/gl2-0.20.1_debug_output.txt).
Hope it helps somehow.
I sent 5 events
In addition to the previous post I can share my graylog2 + elasticsearch
configurations:
http://dimka.ee/foo/graylog2-prod.conf.txt
http://dimka.ee/foo/graylog2-elasticsearch-prod.yml.txt
On Monday, March 17, 2014 4:40:45 PM UTC+2, Dmitri Stoljarov wrote:
Hi,
Started ES (0.90.10) in debug
Just did that.
On Friday, February 28, 2014 11:45:05 AM UTC+2, Kay Röpke wrote:
Interesting idea!
I don't think we have this on the roadmap yet. Care to create an issue for
it?
Thanks,
Kay
On Friday, February 28, 2014 9:47:42 AM UTC+1, Dmitri Stoljarov wrote:
Hi,
Is there any
Another nice-to-have feature is the ability to save displayed columns (and their
order) in saved searches.
E.g. issue a query, select the required columns to display, set the desired column
order and save this search with all the settings you have applied.
On Tuesday, February 18, 2014 1:21:22 PM UTC+2, Martin
Hi,
Logical OR works for me with rc3 streams.
Create a new stream, then add a new stream rule.
Select the required field, where you want to search for strings. It could be
either a parsed field name, with strict values, or it could be message (full
event). Both work well for me.
Select Type match regular
Hi,
One remark regarding GL2.
The logged-in username or full name could be visible on the top bar (or somewhere
else).
It may also be a link, which leads to the user's settings page.
And the user's current permissions (admin or reader) might be iconized next to
the username.
regards,
On Tuesday, January 21,
Hi,
More playing with rc1 revealed the following things:
- In Alerts, Field value condition. Entering long numbers (1 in my
case) causes bad number formatting
(http://dimka.ee/foo/alert_big_number_01.png)
- Message count condition page checks with javascript that all required
form
0. Use the latest graylog2. Set it up according to the instructions.
1. Create a new graylog GELF UDP input. E.g. (port: 4450, bind_address:
0.0.0.0)
2. Configure logstash output:
output {
  gelf {
    # replace the placeholder values with your own
    type => "your-name"
    port => 4450
    host => "graylog2_ip_address"
    facility => "your-facility"
  }
}
3. Verify
25 matches