[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-02 Thread Jochen Schalanda
Hi Giwenn, On Thursday, 2 February 2017 14:20:17 UTC+1, Giwenn Launay wrote: > > You have another solution ??? > What didn't work with the one outlined in the Graylog documentation? Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users"

[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

2017-02-02 Thread Jochen Schalanda
Hi Aitor, please post the logs of your Graylog and ES nodes: http://docs.graylog.org/en/2.1/pages/configuration/file_location.html#deb-package Cheers, Jochen

[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-02 Thread Jochen Schalanda
Hi Giwenn, you have to add your self-signed certificate to the JVM's trust store: http://docs.graylog.org/en/2.1/pages/configuration/https.html#adding-a-self-signed-certificate-to-the-jvm-trust-store Cheers, Jochen On Thursday, 2 February 2017 12:43:47 UTC+1, Giwenn Launay wrote: > > Hello, >

[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

2017-02-02 Thread Jochen Schalanda
Hi Aitor, please post the logs of your Graylog node, your Graylog configuration (including JVM settings), and some details about the hardware of the machine running Graylog. Cheers, Jochen On Thursday, 2 February 2017 07:57:34 UTC+1, Aitor Mendoza wrote: > > Hello, > > Since I configured my

Re: [graylog2] Re: Error on start

2017-02-01 Thread Jochen Schalanda
Hi Tzvi, there you have it. 104.196.203.4 is not a valid IP address of the machine running Graylog. Why did you use that in your configuration? Cheers, Jochen On Wednesday, 1 February 2017 22:56:06 UTC+1, Tzvi Moshe Arnstein wrote: > > the output is as follows: > 1: lo:

[graylog2] Re: Error on start

2017-02-01 Thread Jochen Schalanda
Hi Tzvi, judging from the logs and your configuration, are you sure that 104.196.203.4 is a valid IP address of the machine running Graylog? What's the output of *ip addr show* on that machine? Cheers, Jochen

[graylog2] [ANN] Graylog 2.2.0-rc.1 has been released

2017-02-01 Thread Jochen Schalanda
Hi everyone, I'm proud to announce the release of Graylog 2.2.0-rc.1, the first (and hopefully last) release candidate of the Graylog 2.2.x line. We've put a lot of work into this release to bring you interesting features like improved retention and rotation (index sets) and enhanced alerting.

[graylog2] Re: You are running an outdated Graylog version even after upgrade from 2.1.x to 2.1.3

2017-02-01 Thread Jochen Schalanda
Hi Sinai, you can close/delete that notification by clicking on the 'X' in the upper right corner of the notification in the Graylog web interface. Cheers, Jochen On Wednesday, 1 February 2017 16:31:43 UTC+1, Sinai Rijkov wrote: > > > Hi , guys! > > Issue error from web interface - > > > You

[graylog2] [ANN] Graylog 2.1.3 has been released

2017-02-01 Thread Jochen Schalanda
Hi everyone, we recently released Graylog 2.1.3, a bug-fix release in the Graylog 2.1.x release line. This will most likely be the last release for Graylog 2.1.x (unless some serious blockers or security bugs come up). Please find the release notes and download links at:

[graylog2] Re: Notification condition [NO_MASTER] has been fixed.

2017-02-01 Thread Jochen Schalanda
Hi Peter, are these really the complete logs? I'm missing startup messages of Graylog… This being said, the current_server.txt file shows some Java GC messages with really long pauses. This causes the Graylog node to drop out of the list of "active" nodes. What are the hardware specs of these

[graylog2] Re: reading access log

2017-02-01 Thread Jochen Schalanda
Hi Nicolas, On Wednesday, 1 February 2017 15:36:50 UTC+1, nic...@adgorithms.com wrote: > > I'm doing this request: curl -XGET -u user:password " > http://11.44.999.777/search?rangetype=relative=message%2Csource=1920==28800=source%3Aapache%5C-access > " > You're missing the --location or -L

[graylog2] Re: Notification condition [NO_MASTER] has been fixed.

2017-02-01 Thread Jochen Schalanda
Hi Peter, please post the logs of your Graylog node(s). On Wednesday, 1 February 2017 14:36:09 UTC+1, Peter Dudas wrote: > > Shall we add the server which has no elasticsearch to the > 'elasticsearch_discovery_zen_ping_unicast_hosts'? > No, that setting should only contain the address(es) of

[graylog2] Re: Error on start

2017-02-01 Thread Jochen Schalanda
Hi Tzvi, On Wednesday, 1 February 2017 13:10:04 UTC+1, Tzvi Moshe Arnstein wrote: > > I'm running with sudo and as per the tutorial it should be 9000 for both > see http://docs.graylog.org/en/2.1/pages/installation/os/ubuntu.html > Any other ideas? > Please post your Graylog configuration file,

[graylog2] Re: Replicate settings to second site

2017-02-01 Thread Jochen Schalanda
Hi Frank, On Wednesday, 1 February 2017 12:48:03 UTC+1, Frank wrote: > > Are there any plans to add the possibility to select pipelines for the > content pack export? > Yes, in the long run but not in the immediate future. Cheers, Jochen

[graylog2] Re: Pipeline rule question

2017-02-01 Thread Jochen Schalanda
Hi Peter, On Tuesday, 31 January 2017 09:18:25 UTC+1, Peter Dudas wrote: > > So the question: is it possible to use conditional actions after the Then > part (like a CASE sequence)? > No, that's currently not possible. We plan to implement functionality in the message processing pipelines to

[graylog2] Re: Logstash-Graylog JSON array

2017-02-01 Thread Jochen Schalanda
Hi Shrawan, On Wednesday, 1 February 2017 12:09:19 UTC+1, Shrawan Bhagwat wrote: > > This JSON array, it's still not giving output on Graylog UI. > > Please guide. > I already pointed you at a potential solution: On Wednesday, 1 February 2017 15:20:53 UTC+5:30, Jochen

[graylog2] Re: reading access log

2017-02-01 Thread Jochen Schalanda
Hi Nicolas, On Wednesday, 1 February 2017 11:33:04 UTC+1, nic...@adgorithms.com wrote: > > Apache access log > You can use Filebeat or nxlog (configured with the Graylog Collector Sidecar) to send it to Graylog and a Grok extractor to extract useful information from these logs. See these

[graylog2] Re: Logstash-Graylog JSON array

2017-02-01 Thread Jochen Schalanda
-45BA-9A13-592D96BA6C98"; > deviceName = "x86_64"; > deviceOSVersion = "9.3"; > exception = "*** -[__NSArray0 objectAtIndex:]: index 23 beyond bounds for > empty NSArray\n"; > packageName = "com.tcs.ultimatix.DemoApp"; > } > ); >

[graylog2] Re: Unable to start graylog web interface

2017-02-01 Thread Jochen Schalanda
Hi Pavan, On Wednesday, 1 February 2017 10:20:40 UTC+1, Pavan Singh wrote: > > How to identify the other instance which is running and how to kill it. > You can use the netstat or lsof command to find out which processes are listening on a specific port. Cheers, Jochen

[graylog2] Re: Starting the server getting the exception

2017-02-01 Thread Jochen Schalanda
Hi Pavan, the error message "Address already in use" should be pretty obvious. Check if there are any other inputs listening on port 5140/tcp. Cheers, Jochen On Wednesday, 1 February 2017 10:06:00 UTC+1, Pavan Singh wrote: > > It is saying address already in used, But i am unable to identify

[graylog2] Re: reading access log

2017-02-01 Thread Jochen Schalanda
Hi Nicolas, On Wednesday, 1 February 2017 10:39:15 UTC+1, nic...@adgorithms.com wrote: > > I configured my access log in Greylog, and wanted to read it through the > API, is there a way? > Which access log specifically? Cheers, Jochen

[graylog2] Re: reading access log

2017-02-01 Thread Jochen Schalanda
Hi Nicolas, On Wednesday, 1 February 2017 09:45:28 UTC+1, nic...@adgorithms.com wrote: > > Hi! I'm trying to read the access log in my Graylog account and I was > wondering how I should do it! > What kind of access logs do you want to ingest and what did you already try to accomplish this?

[graylog2] Re: Tag by Site

2017-02-01 Thread Jochen Schalanda
Hi Joe, On Tuesday, 31 January 2017 20:48:02 UTC+1, Joe G wrote: > > If I have numerous streams (i.e. one for linux, one for networking, etc), > can I tag them somehow based on the IP CIDR of the sending devices so I can > use a tag such as site or region to filter my traffic? > That's

[graylog2] Re: Error on start

2017-02-01 Thread Jochen Schalanda
Hi Tzvi, check your rest_listen_uri and web_listen_uri settings and make sure that they are correct. For example the IP address (or hostname) used in those settings has to be set up on the machine running Graylog and the port usually has to be >1024, if Graylog is being run by a non-superuser.

Re: [graylog2] Re: graylog pfsense suricata

2017-01-31 Thread Jochen Schalanda
Hi Sean, that's not the full information I've asked for. Unless you tell us how you've configured things specifically, we (or at least I) cannot help you. Cheers, Jochen On Tuesday, 31 January 2017 11:29:34 UTC+1, sean harvey wrote: > > Which inputs are running in Graylog and how did you

[graylog2] Re: graylog pfsense suricata

2017-01-31 Thread Jochen Schalanda
Hi Sean, it looks like you're sending plaintext to a GELF input. Please check that you're using the correct input type in Graylog. Cheers, Jochen On Tuesday, 31 January 2017 11:03:55 UTC+1, sean harvey wrote: > > Good Day, > > have a pfsense suricata pointing to graylog syslog udp input not

[graylog2] Re: 404 Error size estimator

2017-01-31 Thread Jochen Schalanda
Hi Artyom, the sizing estimator has intentionally been removed (since its value and results were questionable) and won't come back. Cheers, Jochen On Tuesday, 31 January 2017 09:54:46 UTC+1, Artyom Davydov wrote: > > Hi, size estimator tool is unavailable. >

[graylog2] Re: Maps no longer function if geolocation points are mapped in ElasticSearch to proper geo_points (as opposed to strings)

2017-01-31 Thread Jochen Schalanda
Hi, see https://github.com/Graylog2/graylog-plugin-map-widget/issues/7 and https://github.com/Graylog2/graylog2-server/issues/2113 for related issues. Cheers, Jochen On Tuesday, 31 January 2017 02:16:03 UTC+1, GraylogUser wrote: > > Summary: > If geolocation data is mapped to geo_points in

[graylog2] Re: Custom GrayLog Web Plugin Error "Cannot read property 'call' of undefined"

2017-01-31 Thread Jochen Schalanda
Hi Bill, please make sure that the plugin was built against the matching version of Graylog and that your browser doesn't cache an old version of the JavaScript assets. Cheers, Jochen On Tuesday, 31 January 2017 06:46:54 UTC+1, Bill Murrin wrote: > > Hi everyone, > > I'm attempting to build a

[graylog2] Re: Is it possible to use values in maps other than message count?

2017-01-31 Thread Jochen Schalanda
Hi, On Tuesday, 31 January 2017 03:31:35 UTC+1, GraylogUser wrote: > > Is it possible to 'graph' the values from these fields (say, bytes) on a > map? > That's currently not possible. Feel free to create a feature request at https://github.com/Graylog2/graylog-plugin-map-widget/issues Cheers,

[graylog2] Re: Changing timestamps?

2017-01-30 Thread Jochen Schalanda
Hi Tom, do the syslog messages from SUSE Linux on "Input 2" contain any timezone information? If not, Graylog automatically assumes UTC. See https://github.com/Graylog2/graylog-guide-syslog-linux/blob/master/README.md#syslog-ng for configuration hints. Cheers, Jochen On Monday, 30 January

[graylog2] Re: error when start graylog

2017-01-30 Thread Jochen Schalanda
Hi, it looks like there is some error with the startup script or one of the settings is wrong. How exactly did you install Graylog and how did you configure it? Cheers, Jochen On Monday, 30 January 2017 12:23:19 UTC+1, amirhu...@gmail.com wrote: > > hi > we config Graylog with package and in

[graylog2] Re: graylog error

2017-01-30 Thread Jochen Schalanda
Hi, On Monday, 30 January 2017 08:41:37 UTC+1, amirhu...@gmail.com wrote: > > how can i assign the root_password_sha2 configuration setting manually??? > Simply edit your Graylog configuration file and fill the line with root_password_sha2

[graylog2] Re: graylog error

2017-01-29 Thread Jochen Schalanda
Hi, those 2 commands work for me. How exactly are you entering and executing them and which shell are you using? Of course you can also simply assign the root_password_sha2 configuration setting manually in your Graylog configuration file. Cheers, Jochen On Sunday, 29 January 2017 13:09:19

[graylog2] Re: Update Nginx in Graylog VMWare image ?

2017-01-29 Thread Jochen Schalanda
Hi Yaniv, nginx on the Graylog virtual machine images is part of the Graylog Omnibus package, see https://github.com/Graylog2/omnibus-graylog2 for details. It's not possible to update nginx using the regular package management of Ubuntu Linux. Cheers, Jochen On Sunday, 29 January 2017

[graylog2] Re: Where to find downloadable rpms

2017-01-27 Thread Jochen Schalanda
Hi Bryan, you can find the RPMs at https://packages.graylog2.org/el/stable/2.1/x86_64. Cheers, Jochen On Friday, 27 January 2017 16:20:31 UTC+1, bryan wigianto wrote: > > Hi, > > I'm looking for the latest graylog server rpms. I used to get them from > https://packages.graylog2.org/el/6 but it

[graylog2] Re: Writing rules like Syslog Severity Mapper

2017-01-27 Thread Jochen Schalanda
Hi, you could build such a function yourself, see https://www.graylog.org/blog/71-writing-your-own-graylog-processing-pipeline-functions for an example. Cheers, Jochen On Friday, 27 January 2017 15:21:46 UTC+1, Art Phrases wrote: > > Hi, I would like to know, whether it is possible to add

[graylog2] Re: Graphing/ charting value matching a pattern inside message

2017-01-26 Thread Jochen Schalanda
Hi, you have to extract that value (using extractors or pipeline rules) and write it into a new field (as numeric value). Then graph on that message field. See http://docs.graylog.org/en/2.1/pages/extractors.html and http://docs.graylog.org/en/2.1/pages/pipelines.html for details. Cheers,

[graylog2] Re: Graylog : custome dashboard

2017-01-26 Thread Jochen Schalanda
Hi, On Thursday, 26 January 2017 15:18:48 UTC+1, Benbrahim Anass wrote: > > is this feature going to be available in the near future? > No, that's unlikely. Cheers, Jochen

[graylog2] Re: Graylog : custome dashboard

2017-01-26 Thread Jochen Schalanda
Hi, custom tables on a Graylog dashboard are currently not possible. You could write a plugin for this, though: http://docs.graylog.org/en/2.1/pages/plugins.html Cheers, Jochen On Thursday, 26 January 2017 13:56:34 UTC+1, Benbrahim Anass wrote: > > Hi everyone, > i'm wondering if there is a

[graylog2] Re: help input failing : graylog input format

2017-01-25 Thread Jochen Schalanda
s are important to save > Thank you > > Le mardi 24 janvier 2017 08:21:11 UTC, Jochen Schalanda a écrit : >> >> Hi, >> >> how are you sending messages to Graylog? What's your network setup? Did >> you check your firewall rules and that the routing is correct

[graylog2] Re: Gralylog alert not generating alert with actual number

2017-01-25 Thread Jochen Schalanda
Hi Rayees, which version of Graylog are you using? Cheers, Jochen On Monday, 23 January 2017 17:03:09 UTC+1, Rayees Namathponnan wrote: > > Hi All, > > I have written a script to generate 501 message / second with 1 unique > string in 501 th to generate alert, if you run the script it

[graylog2] Re: Alerts not getting triggered Graylog v2.0.1

2017-01-25 Thread Jochen Schalanda
Hi Rakesh, please create a bug report for this at https://github.com/Graylog2/graylog2-server/issues and include all relevant information, such as your Graylog configuration, your alert definitions, and the contents of the "alerts" collection in MongoDB if possible. Cheers, Jochen On

[graylog2] Re: Graylog Processing

2017-01-25 Thread Jochen Schalanda
; is driving me potty! > > Thanks > Pete. > > On Friday, 20 January 2017 12:23:00 UTC, Jochen Schalanda wrote: >> >> Hi Peter, >> >> are the versions of Graylog identical? >> Are you using any extractors? >> Are you using any processing pipeline rules?

[graylog2] Re: Complex Search in a Stream

2017-01-25 Thread Jochen Schalanda
Hi Tom, On Tuesday, 24 January 2017 20:44:53 UTC+1, Tom Powers wrote: > > What is the syntax to use a saved search in a Stream? That is eluding me > right now > I'm not sure we're talking about the same things. Saved searches are simply stored search queries which can be loaded (not their

[graylog2] Re: Replicate settings to second site

2017-01-25 Thread Jochen Schalanda
Hi Frank, if you want to clone all settings, you have to use a MongoDB dump. If inputs/streams/dashboards/outputs are enough, take a look at content packs. Cheers, Jochen On Tuesday, 24 January 2017 20:27:24 UTC+1, Frank wrote: > > Hi, > > I got two Graylog clusters running. On at the primary,

[graylog2] Re: Complex Search in a Stream

2017-01-24 Thread Jochen Schalanda
Hi Tom, On Tuesday, 24 January 2017 16:30:50 UTC+1, Tom Powers wrote: > > So...if I am understanding you correctly, I can NOT call a saved search in > a stream at all. > Sure, saved searches can also be used in streams (as they are simply that: saved search queries). So...Pipelines are the

[graylog2] Re: Complex Search in a Stream

2017-01-24 Thread Jochen Schalanda
Hi Tom, On Tuesday, 24 January 2017 14:49:58 UTC+1, Tom Powers wrote: > > The rule only seems to give me the one category/operator/criteria choice > per rule. So in the search abovewhat would the rule structure look like > to get the same result? > You can use multiple rules per stream and

[graylog2] Re: RAW/Plaintext Input issues

2017-01-24 Thread Jochen Schalanda
Hi Cody, what type of input did you create in Graylog? How exactly did you configure it? Cheers, Jochen On Monday, 23 January 2017 22:09:37 UTC+1, Cody wrote: > > Hi, > > I've had graylog running fine for awhile with GELF and SYSLOG inputs, i'm > trying to set up a raw text input now and

[graylog2] Re: Complex Search in a Stream

2017-01-24 Thread Jochen Schalanda
Hi Tom, On Tuesday, 24 January 2017 00:37:17 UTC+1, Tom Powers wrote: > > OK...streams and alerts for them are very cool...but it seems I can do > much more in the search field than the stream field. > What exactly is the "stream field"? The search bar in the Universal Search and in a stream

[graylog2] Re: graylog search cheat sheet

2017-01-24 Thread Jochen Schalanda
Hi Rayees, see http://docs.graylog.org/en/2.1/pages/queries.html for a description of the search queries in Graylog. Cheers, Jochen On Tuesday, 24 January 2017 01:55:32 UTC+1, Rayees Namathponnan wrote: > > Is there any cheat sheet for search in graylog, looking something like in > spluck,

[graylog2] Re: help input failing : graylog input format

2017-01-24 Thread Jochen Schalanda
Hi, how are you sending messages to Graylog? What's your network setup? Did you check your firewall rules and that the routing is correct? Did you check with Wireshark or a similar tool, if the messages actually reached Graylog? Cheers, Jochen On Monday, 23 January 2017 23:35:13 UTC+1, jony

[graylog2] Re: help input failing : graylog input format

2017-01-23 Thread Jochen Schalanda
Hi, On Monday, 23 January 2017 19:33:33 UTC+1, jony wrote: > > when i use the client server's address in the bind address, i get the > message "failed" next to input > Why would you do that? The bind (or listen) address is the IP address *on the server* which the input should listen on.

[graylog2] Re: License Plugin

2017-01-23 Thread Jochen Schalanda
Hi Felix, On Monday, 23 January 2017 10:55:16 UTC+1, muefelan muefelan wrote: > > > *Where can I find the plugin to install a license ? * > The license plugin is part of the Graylog Enterprise offering: https://www.graylog.org/enterprise Cheers, Jochen

[graylog2] Re: help input failing : graylog input format

2017-01-23 Thread Jochen Schalanda
Hi, On Sunday, 22 January 2017 23:43:49 UTC+1, jony wrote: > > 1-i would like to connect many servers to my gray server through tcp ,is > there a way to do that without implementing a new input for each client ? > Sure, simply send the messages from all clients (using the same protocol) to the

[graylog2] Re: Good list of rules?

2017-01-23 Thread Jochen Schalanda
Hi Tom, On Monday, 23 January 2017 03:08:22 UTC+1, Tom Powers wrote: > > Just a questionthe more rules I build, the more I wonder what I'm > missing > > Are there any good places to go for rules creation? I work on Windows > networks primarily. > The Graylog Marketplace might give you

[graylog2] Re: help input failing : graylog input format

2017-01-22 Thread Jochen Schalanda
Hi, On Sunday, 22 January 2017 14:06:40 UTC+1, jony wrote: > > i think it is text based but can you confirm that to me ,here's a link of > the detailed log format : https://kb.cyberoam.com/default.asp?id=1808 > This looks relatively easy to parse with extractors or the message processing

[graylog2] Re: help input failing : graylog input format

2017-01-22 Thread Jochen Schalanda
Hi, On Saturday, 21 January 2017 23:00:58 UTC+1, jony wrote: > > Can someone please help me. I've tried different types of input in the > list but none of them seems to enable the connection ,and my input fails . > If the format is text-based, you can use a Raw/Plaintext UDP or TCP input and

[graylog2] Re: Graylog SaltStack Formula in the marketplace

2017-01-22 Thread Jochen Schalanda
Hi Brandon, thanks for sharing! Cheers, Jochen On Sunday, 22 January 2017 09:59:13 UTC+1, BKeep wrote: > > I have been working on this for a little while and wanted to share what I > have so far. I created a SaltStack formula for deploying Graylog. I also > created supporting formulas for

Re: [graylog2] my first syslog input is failing

2017-01-22 Thread Jochen Schalanda
On Sunday, 22 January 2017 12:54:20 UTC+1, Jochen Schalanda wrote: > > On Sunday, 22 January 2017 06:19:21 UTC+1, JayJay wrote: >> >> Changed user to root, restarted server, and the input is starting ok now. >> >> > > From a security perspective, that

Re: [graylog2] my first syslog input is failing

2017-01-22 Thread Jochen Schalanda
Hi Jason, On Sunday, 22 January 2017 06:19:21 UTC+1, JayJay wrote: > > Changed user to root, restarted server, and the input is starting ok now. > From a security perspective, that's a very bad idea and I'd recommend to use one of the other mechanisms described in the documentation:

[graylog2] Re: log4j syslogappender and Graylog compatibility

2017-01-21 Thread Jochen Schalanda
Hi Gary, I haven't tried it out personally, but if the Syslog Appender adheres to RFC 3164 or RFC 5424, it should be fine (also see https://github.com/Graylog2/graylog-guide-syslog-linux/blob/master/README.md for some details about the recommended format). You can also use one of the many

[graylog2] Re: Graylog Processing

2017-01-20 Thread Jochen Schalanda
Hi Peter, are the versions of Graylog identical? Are you using any extractors? Are you using any processing pipeline rules? Cheers, Jochen On Friday, 20 January 2017 11:01:36 UTC+1, Peter Griggs wrote: > > Hi > > Both are identical. :-/ > > 1 GeoIP Resolver active > 2 Pipeline Processor active

[graylog2] Re: Graylog Processing

2017-01-20 Thread Jochen Schalanda
PsXV5IIQN-GU9gf5V6_PEl00YXcygCLcB/s1600/graylog.png> > Pete. > > On Thursday, 19 January 2017 09:34:34 UTC, Jochen Schalanda wrote: >> >> Hi Peter, >> >> On Thursday, 19 January 2017 10:26:15 UTC+1, Peter Griggs wrote: >>> >>> I have two grayl

[graylog2] Re: Manipulating pipelines via REST API by non-admin user in Graylog 2.1.2

2017-01-20 Thread Jochen Schalanda
Hi Henri, On Thursday, 19 January 2017 20:30:51 UTC+1, Henri Volotinen wrote: > > But I wonder, what permissions do I need to grant to a non-admin system > user that should only be allowed to read and write stuff related to > pipelines? > You can find the pipeline-related permissions at

Re: [graylog2] Re: Can't open web console on host IP

2017-01-20 Thread Jochen Schalanda
Hi Jason, what's the output of the following commands on that server: - ip addr show - hostname - hostname -f - hostname -a - hostname -i Cheers, Jochen On Friday, 20 January 2017 02:50:23 UTC+1, JayJay wrote: > > Hi Jochen, > > Yes, I'm sure. I'm on a standard internal

[graylog2] Re: Does sidecar/filebeat support recursive subfolders specified by '*'

2017-01-19 Thread Jochen Schalanda
Hi Evgueni, On Thursday, 19 January 2017 23:04:39 UTC+1, Evgueni Gordienko wrote: > > Does sidecar/filebeat support recursive subfolders specified by '*'? > Yes, Filebeat supports globs: https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html#_paths Cheers,

[graylog2] Re: Event Log stream rules

2017-01-19 Thread Jochen Schalanda
Hi Chris, On Thursday, 19 January 2017 21:19:44 UTC+1, chrispro wrote: > > Are there any ready-to-use stream rules? > Check out the Graylog Marketplace: https://marketplace.graylog.org/ Cheers, Jochen

Re: [graylog2] Re: large searches kill ES - can graylog stop this?

2017-01-19 Thread Jochen Schalanda
Hi Jerri, On Thursday, 19 January 2017 19:42:28 UTC+1, Jerri Son wrote: > > I must have missed that part in IRC, so sorry!! > I have to apologize, I think I've mixed that up with another user: https://botbot.me/freenode/graylog/2017-01-17/?msg=79493791=2 Cheers, Jochen

[graylog2] Re: Enter Server Variable for Callback email alert

2017-01-19 Thread Jochen Schalanda
Hi Ciaran, On Thursday, 19 January 2017 17:26:23 UTC+1, Ciaran Boyle wrote: > > So this is obviously wrong - Server: ${message.fields.source}, I get > that. Can you pose an example of how I would enter the "message.source" > As I described before, there is no single message object when the

[graylog2] Re: Enter Server Variable for Callback email alert

2017-01-19 Thread Jochen Schalanda
Hi Ciaran, I will simply quote from my reply on GitHub: https://github.com/Graylog2/graylog2-server/issues/3392#issuecomment-273806544 There is no global message object but always a collection of messages which you have to iterate over (like shown on the bottom of the template and described

[graylog2] Re: large searches kill ES - can graylog stop this?

2017-01-19 Thread Jochen Schalanda
Hi Jerri, On Thursday, 19 January 2017 16:05:52 UTC+1, Jerri Son wrote: > > More specifically it doesn´t matter how small the time frame was in my > case - as soon > as I used "quick values" on any number of message (in my case 18 message, > timespan 10 seconds) I made graylog/ES crash with

Re: [graylog2] Re: Can't open web console on host IP

2017-01-19 Thread Jochen Schalanda
Hi Jason, On Thursday, 19 January 2017 14:50:15 UTC+1, JayJay wrote: > > I'm past the logon issues now, however, when i go to setup an input, and > tell it which node, it's only giving me an option for an externally > connected IP - 141.8.225.xx > This is the IP address automatically detected

Re: [graylog2] Re: Can't open web console on host IP

2017-01-19 Thread Jochen Schalanda
Hi Jason, On Thursday, 19 January 2017 10:45:40 UTC+1, JayJay wrote: > > When I tried to go to :9000 (as setup in the web_listen_uri) it > would not respond. > What does "would not respond" mean exactly? Does it time out? Does it refuse connections? Does the web browser show errors in its

[graylog2] Re: Which is the latest stable graylog version?

2017-01-19 Thread Jochen Schalanda
Hi Lecko, On Thursday, 19 January 2017 10:33:53 UTC+1, leck...@gmail.com wrote: > > But in the Graylog GUI, I get message: > > "The most recent stable Graylog version is *2.1.1 (Smuttynose) released > at 2016-09-14"* > The latest stable version is currently Graylog 2.1.2 (soon to be replaced

[graylog2] Re: Graylog Processing

2017-01-19 Thread Jochen Schalanda
Hi Peter, On Thursday, 19 January 2017 10:26:15 UTC+1, Peter Griggs wrote: > > I have two graylog instances setup (these are separate on separate sites) > one works fine the other is a mirror setup however the processing is not > working. > What does "is not working" mean exactly? Are there

Re: [graylog2] Re: Can't open web console on host IP

2017-01-19 Thread Jochen Schalanda
Hi, On Thursday, 19 January 2017 03:33:26 UTC+1, JayJay wrote: > > So does that mean we can not access GrayLog from anywhere outside the > localhost? It is a web services, after all... > Sure you can, there's a configuration file, after all…

[graylog2] Re: Embedded elastic search plugin

2017-01-19 Thread Jochen Schalanda
Hi, On Wednesday, 18 January 2017 17:54:31 UTC+1, Hyder wrote: > > Do I need to setup another cluster to prevent data-loss? What are the best > practices? > Graylog simply doesn't support running Elasticsearch plugins in its embedded instance, so if you want to use the Elastic Shield plugin or

[graylog2] Re: Embedded elastic search plugin

2017-01-18 Thread Jochen Schalanda
Hi, On Wednesday, 18 January 2017 15:21:38 UTC+1, Hyder wrote: > > How do I add plugins to the embedded ElasticSearch within Graylog? > That's currently not possible. Cheers, Jochen

[graylog2] Re: Can't display journal metrics

2017-01-18 Thread Jochen Schalanda
Hi, what exactly is "" in your example? How did you configure all the Graylog nodes? Graylog nodes must be able to communicate with each other on the URI configured in rest_transport_uri. Cheers, Jochen On Tuesday, 17 January 2017 18:47:02 UTC+1, Zach Stoddard wrote: > > *Everything works,

[graylog2] Re: Windows RAW/Plintext input, parsing/extractor Question

2017-01-18 Thread Jochen Schalanda
Hi, what format do the Splunk Universal Forwarders use? Is it text-based or is it a binary format? If it's text based, you can simply use extractors or the message processing pipelines

Re: [graylog2] Re: Logstash to graylog using TLS

2017-01-17 Thread Jochen Schalanda
Hi Richard, On Tuesday, 17 January 2017 11:51:40 UTC+1, Richard S. Westmoreland wrote: > > If you're just trying to connect Logstash and Graylog over TLS, I think > getting AMQP would be overkill. You should start with getting the TLS cert > ready, then enable a GELF TCP Input with TLS, then

[graylog2] Re: Logstash to graylog using TLS

2017-01-17 Thread Jochen Schalanda
know what to put there. > routing key : no idea what is that > > cheers > Anas > > Le mardi 17 janvier 2017 10:05:03 UTC+1, Jochen Schalanda a écrit : >> >> Hi, >> >> On Tuesday, 17 January 2017 09:35:02 UTC+1, Benbrahim Anass wrote: >>> >>> i

[graylog2] Re: What is the setup in the supplied graylog OVA

2017-01-17 Thread Jochen Schalanda
Hi, On Tuesday, 17 January 2017 10:32:08 UTC+1, Hyder wrote: > > Yes i have seen those links, however it seems like there is one Graylog > server, one Mongodb and one Elastic Search instance? Is that correct? > Depending on your configuration, yes. There's never more than 1 instance of each

[graylog2] Re: Splunk output plugin error

2017-01-17 Thread Jochen Schalanda
Hi Frank, On Tuesday, 17 January 2017 10:09:07 UTC+1, Frank wrote: > > Well SYSLOGBASE2 formats it as %{SYSLOGTIMESTAMP:timestamp} which is %{MONTH} > +%{MONTHDAY} %{TIME}. > That's unfortunately incorrect. The Graylog "timestamp" has a very strict format: -MM-dd HH:mm:ss.SSS Any other

[graylog2] Re: Logstash to graylog using TLS

2017-01-17 Thread Jochen Schalanda
Hi, On Tuesday, 17 January 2017 09:35:02 UTC+1, Benbrahim Anass wrote: > > i tried gelf AMQP but i had difficulties configuring it > What exactly didn't work for you? Cheers, Jochen

[graylog2] Re: use elasticsearch not only for graylog

2017-01-16 Thread Jochen Schalanda
Hi Stefano, On Monday, 16 January 2017 17:36:38 UTC+1, Stefano Tranquillini wrote: > > - what happens if I rename the cluster.name from 'graylog' to something > else? > Graylog will simply connect to the given Elasticsearch cluster. It will not automatically copy indices from the old cluster.

[graylog2] Re: use elasticsearch not only for graylog

2017-01-16 Thread Jochen Schalanda
Hi Stefano, On Monday, 16 January 2017 16:20:35 UTC+1, Stefano Tranquillini wrote: > > Now, how bad is the idea to have just 1 elasticsearch (so stop the one in > A and keep the one in B) for graylog and our searches? Is that a problem? > If your Elasticsearch cluster can handle the load of

[graylog2] Re: What is the setup in the supplied graylog OVA

2017-01-16 Thread Jochen Schalanda
Hi, please refer to http://docs.graylog.org/en/2.1/pages/installation/virtual_machine_appliances.html and http://docs.graylog.org/en/2.1/pages/configuration/graylog_ctl.html for details about the virtual machine images. Cheers, Jochen On Monday, 16 January 2017 11:11:30 UTC+1, Hyder wrote:

[graylog2] Re: Can't open web console on host IP

2017-01-16 Thread Jochen Schalanda
Hi, how did you configure Graylog? By default, the Graylog REST API and the web interface will only to localhost (127.0.0.1). Cheers, Jochen On Sunday, 15 January 2017 02:31:40 UTC+1, JayJay wrote: > > Hi, > I just installed latest on CentOS7, and can open the web console on >

[graylog2] Re: collector sidecar - Can't fetch configuration from Graylog API

2017-01-16 Thread Jochen Schalanda
Hi Scott, without knowing your Graylog configuration, the URI http://:12900/api/ looks wrong. It should probably be either http://:12900/ or http://:9000/api/, depending on your Graylog configuration. Cheers, Jochen On Sunday, 15 January 2017 16:42:38 UTC+1, Scott LeFevre wrote: > > I've

[graylog2] Re: mongodb_uri doesn't like multiple server urls?

2017-01-16 Thread Jochen Schalanda
Hi Jason, please stick to the format explained in http://docs.graylog.org/en/2.1/pages/configuration/multinode_setup.html#graylog-to-mongodb-connection and https://github.com/Graylog2/graylog2-server/blob/2.1.2/misc/graylog.conf#L434-L442 for the mongodb_uri setting. Also see the error

[graylog2] Re: hostname missing in logs received from syslog-ng

2017-01-14 Thread Jochen Schalanda
Hi Li, Graylog is parsing syslog messages according to the syslog protocol standard(s), so it will not repeat the date and the hostname on the start of each syslog message but fill the "timestamp" and "source" message fields accordingly. Also see

[graylog2] Re: java.net.ConnectException: Connection refused: /:9300

2017-01-14 Thread Jochen Schalanda
Hi Pavan, make sure that Graylog is able to connect to your Elasticsearch cluster and that the published IP address of your Elasticsearch node(s) is correct. See http://docs.graylog.org/en/2.1/pages/configuration/elasticsearch.html#configuration for some hints. Cheers, Jochen On Saturday,

[graylog2] Re: Simple pipeline creation issues

2017-01-13 Thread Jochen Schalanda
Hi Eugene, On Friday, 13 January 2017 17:39:50 UTC+1, Evgueni Gordienko wrote: > > I did manual message loading and applying the rule and it works as > intended. > No clue how to debug. > I generate message with create_message("metric:123"). > Is the "metric" field also there if you search for

[graylog2] Re: Incomplete write in php gelf library

2017-01-13 Thread Jochen Schalanda
Hi, On Friday, 13 January 2017 12:50:53 UTC+1, Алексей Лашнев wrote: > > I've already done it. https://github.com/bzikarsky/gelf-php/issues/78 - > but there is no reply yet. So I don't know what's the problem there? In > graylog or in the library... > Since the error message originates from

Re: [graylog2] Re: Separate Data from streams in different elastic nodes

2017-01-13 Thread Jochen Schalanda
Hi Richard, On Friday, 13 January 2017 12:40:31 UTC+1, Richard S. Westmoreland wrote: > > Wow! That is going to be an awesome feature in so many different ways. > What kind of timeline do you have for this next release? > We're already in beta phase and will probably publish a release

[graylog2] Re: Can I change dashboard source from input to stream?

2017-01-13 Thread Jochen Schalanda
Hi Joan, On Friday, 13 January 2017 12:33:35 UTC+1, Joan wrote: > > I've seen that some people are exporting as a content pack and editing the > json, but is this the simplest way to achieve it? > Yes, that's currently the easiest way. Alternatively you can edit the dashboard definition in

[graylog2] Re: Splunk output plugin error

2017-01-13 Thread Jochen Schalanda
Hi Frank, On Friday, 13 January 2017 14:49:56 UTC+1, Frank wrote: > > There is a grok filter %{SYSLOGBASE2} (from the default logstash grok > patterns) which should format the timestamp correctly. > Did you make sure that the "timestamp" field is an actual timestamp and not a string after

[graylog2] Re: Separate Data from streams in different elastic nodes

2017-01-13 Thread Jochen Schalanda
Hi Till, On Friday, 13 January 2017 10:29:45 UTC+1, Till Brinkmann wrote: > > So can anyone give us a hint how we can delete the AD logs by days > or > can separate it in another database store on disk. > This will be possible in Graylog 2.2.0 with index sets. Cheers, Jochen -- You
