[graylog2] Re: Global input bind_address

2016-10-18 Thread Jochen Schalanda
Hi, you can set the listen address to 0.0.0.0 for global inputs. This way, the global inputs will bind to all available network interfaces on the Graylog nodes. Cheers, Jochen On Monday, 17 October 2016 23:14:57 UTC+2, imper...@gmail.com wrote: > > What is the best practice for the

[graylog2] Re: Graylog 2.1 lost saved searches

2016-10-18 Thread Jochen Schalanda
Hi Tommy, how exactly did you upgrade? Did you configure Graylog to use the old MongoDB instance or copy the old MongoDB database into your new MongoDB server? The saved searches are stored in MongoDB in the saved_searches collection. Cheers, Jochen On Monday, 17 October 2016 19:31:01

Re: [graylog2] Re: ApiError http404 not found

2016-10-17 Thread Jochen Schalanda
Hi Mehmet, On Monday, 17 October 2016 13:35:57 UTC+2, mehmet hasdemir wrote: > > my graylog server version is 2.03 > web interface server version 1.3.2 > These are incompatible. The Graylog web interface has been integrated into the Graylog server starting with Graylog 2.0.0. Please read

[graylog2] Re: ApiError http404 not found

2016-10-17 Thread Jochen Schalanda
Hi Mehmet, it looks like you're using a very old version of Graylog. If you're starting from scratch, please follow the installation instructions at http://docs.graylog.org/en/2.1/pages/installation.html for the latest version of Graylog. Cheers, Jochen On Monday, 17 October 2016 11:29:58

[graylog2] Re: Graylog Field Auto Tagging

2016-10-17 Thread Jochen Schalanda
Hi Joe, we're planning to enable generic dictionary lookups in the message processing pipelines in a future release, but for now you'd have to do this with Drools: http://docs.graylog.org/en/2.1/pages/drools.html Cheers, Jochen On Friday,

[graylog2] Re: graylog2 timestamp not from application log message

2016-10-17 Thread Jochen Schalanda
Hi Wayne On Friday, 14 October 2016 19:36:17 UTC+2, Wayne wrote: > > I have tried your extractor, and it looks like it almost worked, except > that the timestamp seems to use UTC, instead of my local time zone. > The date converter can be configured to use a specific timezone. Cheers, Jochen

[graylog2] Re: graylog2 timestamp not from application log message

2016-10-14 Thread Jochen Schalanda
"condition_value": "" } ], "version": "2.1.1" } Cheers, Jochen On Thursday, 13 October 2016 18:41:13 UTC+2, Wayne wrote: > > Hi Jochen, > > Just to add a bit more detail: > > The timestamp in my server log is of the following patter

[graylog2] Re: Graylog server not starting

2016-10-14 Thread Jochen Schalanda
Hi, the Graylog configuration looks sane (double check that elasticsearch_discovery_zen_ping_unicast_hosts is pointing to the correct host). Also add the following line to your Graylog configuration file: elasticsearch_network_host

[graylog2] Re: Filebeat or NXLog

2016-10-14 Thread Jochen Schalanda
Hi, On Friday, 14 October 2016 09:33:23 UTC+2, ph.je...@googlemail.com wrote: > > is it possible that somebody can tell me short what is the difference > between them and what is better? > The answer is and will always be: It depends on your use cases. Both can read lines from text files and

[graylog2] Re: graylog2 extractor set source as incoming IP

2016-10-14 Thread Jochen Schalanda
Hi, Graylog will usually use the source IP address of the client delivering a message if there's no explicit source field inside the delivered message. What's the current problem you're trying to solve? Cheers, Jochen On Thursday, 13 October 2016 21:34:33 UTC+2, dmerenda wrote: > > Hi

[graylog2] Re: Graylog server not starting

2016-10-14 Thread Jochen Schalanda
Hi, your Graylog configuration file looks very strange. Please post the correct one without the interleaved Elasticsearch configuration parts. Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and

[graylog2] Re: Issue with JSON extractor. Dot is converted to Underscore

2016-10-14 Thread Jochen Schalanda
Hi, On Thursday, 13 October 2016 20:35:53 UTC+2, fxp wrote: > > Question is why is this json extractor not working as intended? > Graylog converts dots in field names automatically to underscores to cater to a restriction of Elasticsearch 2.x:

[graylog2] Re: graylog2 timestamp not from application log message

2016-10-13 Thread Jochen Schalanda
Hi Wayne, On Thursday, 13 October 2016 16:30:18 UTC+2, Wayne wrote: > > I understand that the timestamp reflects the time that graylog imported > the log messages, and not the timestamp associated with the application log > message. For example, if I send a log file from my application server

[graylog2] Re: Changing the query in a generated chart

2016-10-13 Thread Jochen Schalanda
Hi David, On Thursday, 13 October 2016 14:30:22 UTC+2, David Gerdeman wrote: > > Is there a way to change the query used to generate a chart after it is > created? For example, if I want to change the source, or add to fields to > a chart, can that be done without having to create a new

[graylog2] Re: Syslog UDP Input not being routed to stream via gl2_source_input rule

2016-10-13 Thread Jochen Schalanda
Hi Oliver, extractors are only applied to new messages before they are indexed into Elasticsearch. Existing messages, which have already been indexed before, won't change if you change an extractor. Cheers, Jochen On Thursday, 13 October 2016 11:34:03 UTC+2, Oliver Schrenk wrote: > > Hi, > >

[graylog2] Re: Integrating elasticsearch with other application

2016-10-13 Thread Jochen Schalanda
On Thursday, 13 October 2016 11:42:53 UTC+2, Rohit Paygude wrote: > > So is there any way to achieve this ? If we are storing data directly to > elasticsearch and then displaying it through Graylog. No.

[graylog2] Re: Can't bind GELF UDP input inside the graylog server docker container

2016-10-13 Thread Jochen Schalanda
Hi Vitalik, the problem is that your rest_transport_uri is incorrect. Try starting the Graylog Docker container with the following environment variables: GRAYLOG_PASSWORD_SECRET=your_password_secret GRAYLOG_ROOT_PASSWORD_SHA2=your_root_password_hash

[graylog2] Re: Server currently unavailable error

2016-10-13 Thread Jochen Schalanda
Hi, you're running into a problem with the Mixed Content Policy of your web browser. If you're using HTTPS for the web interface, you also have to use HTTPS for the Graylog REST API (see web_endpoint_uri).

[graylog2] Re: Can't bind GELF UDP input inside the graylog server docker container

2016-10-12 Thread Jochen Schalanda
Hi Vitalik, please check the logs of your Graylog node(s) for error messages. Cheers, Jochen On Wednesday, 12 October 2016 15:43:30 UTC+2, Vitalik Kostyshyn wrote: > > First posted on github issues, which was closed: > https://github.com/Graylog2/graylog2-server/issues/2943 > > Will repost

[graylog2] Re: Clustered Graylog with multiple nodes

2016-10-12 Thread Jochen Schalanda
Hi Mehmet, see http://docs.graylog.org/en/2.1/pages/configuration/multinode_setup.html for instructions how to configure Graylog for a multi-node setup. You can also create a Graylog cluster using the virtual appliances (OVA), see

[graylog2] Re: Graylog 2.1.1 (Cluster) - Problem with automatic cycling deflectors

2016-10-12 Thread Jochen Schalanda
Hi Timo, please check the logs of your Graylog and ES nodes for errors and post them here. Cheers, Jochen

[graylog2] Re: Manually add deployment marker/annotations (via an API)?

2016-10-12 Thread Jochen Schalanda
Hi Oliver, that's currently not possible in Graylog, but feel free to open a feature request for it at https://github.com/Graylog2/graylog2-server/issues/. Cheers, Jochen On Wednesday, 12 October 2016 12:14:27 UTC+2, Oliver Schrenk wrote: > > Hi, > > Is there some way to mark global events

[graylog2] Re: Where is the graylog server log file location inside docker container?

2016-10-12 Thread Jochen Schalanda
Hi Vitalik, The graylog2/server Docker image sends logs to stdout and doesn't write them into a log file. You can use a Docker Logging Driver to configure where these logs should be written

[graylog2] Re: GELF - max value size of _[additional field]

2016-10-12 Thread Jochen Schalanda
Hi, On Wednesday, 12 October 2016 05:55:48 UTC+2, au.ja...@gmail.com wrote: > > "...what client are you using the send these messages?" > Doesn't seem to matter. Reproducible from any HTTP, UDP client. > Please answer the question. HTTP, UDP etc. are different inputs on the Graylog side of

[graylog2] Re: GELF - max value size of _[additional field]

2016-10-12 Thread Jochen Schalanda
Hi, On Wednesday, 12 October 2016 01:31:36 UTC+2, au.ja...@gmail.com wrote: > > For verbosity, I've replaced large xml-based data with 'LargeMessage'. > Please attach a *complete message* which failed to be indexed correctly. Also provide the current index mappings of your Elasticsearch cluster

[graylog2] Re: Account creation via approval process ?

2016-10-11 Thread Jochen Schalanda
Hi, that's currently not possible with Graylog out-of-the-box. Cheers, Jochen On Tuesday, 11 October 2016 21:44:20 UTC+2, T.J. Yang wrote: > > Hi > > I have 2.1.0 configured with AD and was able to auto create account if a > user's Active Directory account is correct. > > Is it possible to

[graylog2] Re: GELF - max value size of _[additional field]

2016-10-11 Thread Jochen Schalanda
Hi, are there any error messages in the logs of your Graylog or Elasticsearch nodes? Could you attach an example message to demonstrate the issue? What kind of input are you using in Graylog (GELF UDP, GELF TCP, or something else) and what client are you using to send these messages?

[graylog2] Re: Meaning of graylog_elasticsearch_discovery_zen_ping_unicast_hosts

2016-10-11 Thread Jochen Schalanda
Hi Evgueni, On Monday, 10 October 2016 20:10:16 UTC+2, Evgueni Gordienko wrote: > > but what is the meaning of > graylog_elasticsearch_discovery_zen_ping_unicast_hosts? How to set it? > There is no such setting in the Graylog configuration file. Where did you get it from? Maybe you're

[graylog2] Re: Graylog 2.1.1 cannot login due to Server currently unavailable error

2016-10-11 Thread Jochen Schalanda
Hi Bobby, your network settings are all mixed up. Try the following configuration and remove (or comment out) all other settings such as rest_transport_uri and web_endpoint_uri. web_listen_uri = http://10.2.117.116:9000/ rest_listen_uri = http://10.2.117.116:9000/api/ Cheers, Jochen On

[graylog2] Re: Graylog 2.1.1 Java error when starting 2.1.1

2016-10-11 Thread Jochen Schalanda
Hi, this message is caused by the OkHttp library which is being used as HTTP client in Graylog: https://github.com/square/okhttp/blob/parent-3.4.1/okhttp/src/main/java/okhttp3/OkHttpClient.java#L248-L262 Make sure that your JVM supports SSL/TLS. Cheers, Jochen On Monday, 10 October 2016

[graylog2] Re: Graylog 2.1.1 (Cluster) - Problem with automatic cycling deflectors

2016-10-10 Thread Jochen Schalanda
Ware: V7 / *2 vCPU / 4GB RAM / 20GB IDE & 80 GB SATA* (Data) > > Am Montag, 10. Oktober 2016 17:05:45 UTC+2 schrieb Jochen Schalanda: >> >> Hi Timo, >> >> what are the hardware specs of your VMs and which exact versions of >> Graylog are you using? >>

[graylog2] Re: Graylog 2.1.1 (Cluster) - Problem with automatic cycling deflectors

2016-10-10 Thread Jochen Schalanda
Hi Timo, what are the hardware specs of your VMs and which exact versions of Graylog are you using? Cheers, Jochen On Monday, 10 October 2016 17:01:16 UTC+2, Timo Beuker wrote: > > I have Installed a Graylog-Cluster with 2 VMs. > LAN: GraylogServer1 (Full-Config / Master) > DMZ: GraylogServer2

[graylog2] Re: Graylog 2 :How to configure email alert instant " Disk Full" and " fatal error"

2016-10-10 Thread Jochen Schalanda
Hi, please refer to http://docs.graylog.org/en/2.1/pages/streams/alerts.html for setup instructions and general information about alerts. Cheers, Jochen On Friday, 7 October 2016 11:11:03 UTC+2, lokesh.c...@digivalet.com wrote: > > Hello! > > I want to configure a mail alert instantly when

[graylog2] Re: Graylog creates second ES node

2016-10-10 Thread Jochen Schalanda
Hi Lukas, from the logs of your Graylog node: 2016-10-10T07:47:51.865Z INFO [IndexRetentionThread] Elasticsearch cluster not available, skipping index retention checks. It seems like Graylog cannot communicate with the Elasticsearch cluster. Make sure that the

[graylog2] Re: Increase JVM heap space

2016-10-10 Thread Jochen Schalanda
Hi Manel, On Monday, 10 October 2016 09:31:35 UTC+2, Manel wrote: > > Can i increase JVM heap space in graylog ? > Yes, that's of course possible. See http://docs.graylog.org/en/2.1/pages/configuration/file_location.html for the location of the files you have to edit on your system. Cheers,

[graylog2] Re: Meaning of graylog_elasticsearch_discovery_zen_ping_unicast_hosts

2016-10-08 Thread Jochen Schalanda
Hi Evgueni, please see https://github.com/Graylog2/graylog2-server/blob/2.1.1/misc/graylog.conf#L271-L274 for an explanation of the elasticsearch_discovery_zen_ping_unicast_hosts and all other configuration settings. Cheers, Jochen On Friday, 7 October 2016 20:39:19 UTC+2, Evgueni

[graylog2] Re: JOIN queries on search

2016-10-07 Thread Jochen Schalanda
Hi Emanuel, that's currently not possible with Graylog. Cheers, Jochen On Friday, 7 October 2016 15:26:43 UTC+2, Emanuel Valente wrote: > > Hello everyone, > > I'm new on Graylog and I'd like to know if I can do JOIN based queries in > my search. > > I have the following situation: > > I'm

[graylog2] Re: Graylog stuck on initializing ElasticSearch node

2016-10-07 Thread Jochen Schalanda
Hi John, On Friday, 7 October 2016 10:43:59 UTC+2, John B wrote: > > Is there a way I can force a reset or similar (without doing a full > deletion)? > What do you want to reset exactly? Cheers, Jochen

[graylog2] Re: Graylog SSO not working.

2016-10-07 Thread Jochen Schalanda
Hi Rakesh, see https://github.com/Graylog2/graylog-plugin-auth-sso/issues/17 for a related bug report. Cheers, Jochen On Thursday, 6 October 2016 19:39:37 UTC+2, Rakesh R wrote: > > Hi, > >There is some problem with the graylog SSO plugin.( After installing > the SSO plugin

[graylog2] Re: Correct Graylog repo base url for ansible with yum?

2016-10-06 Thread Jochen Schalanda
Hi Evgueni, see http://docs.graylog.org/en/2.1/pages/installation/operating_system_packages.html#rpm-yum-dnf for the correct settings. Cheers, Jochen On Thursday, 6 October 2016 01:05:35 UTC+2, Evgueni Gordienko wrote: > > Hi, > > I'm trying > - name: Add Graylog repository >

[graylog2] Re: search usability comment

2016-09-30 Thread Jochen Schalanda
Hi Jason, On Friday, 30 September 2016 00:01:14 UTC+2, Jason Haar wrote: > > I'd guess sometimes the search is so fast, that there's no opportunity for > the little bottom popup to occur? So I'm sitting them continually clicking > the search button and seeing absolutely no evidence of a search

[graylog2] Re: Graylog 2.1. compliance ISO 27000

2016-09-30 Thread Jochen Schalanda
Hi, we haven't invested in any efforts to make Graylog compliant to ISO 27000 (yet?), but it might be *accidentally* compliant (i. e. all parts might be there, there's simply no "stamp" on it). What requirements are you looking for specifically? Cheers, Jochen On Thursday, 29 September 2016

[graylog2] Re: Do I need Elasticsearch installed on Graylog server for a multi-node setup?

2016-09-29 Thread Jochen Schalanda
Hi Adam, the elasticsearch_discovery_zen_ping_unicast_hosts and elasticsearch_network_host settings are wrong, see http://docs.graylog.org/en/2.1/pages/configuration/elasticsearch.html#network-setup. Also take a close look at the network.host setting in your Elasticsearch configuration and

[graylog2] Re: Do I need Elasticsearch installed on Graylog server for a multi-node setup?

2016-09-28 Thread Jochen Schalanda
Hi Adam, Graylog needs to be able to join the Elasticsearch cluster as a client node, which means that all other Elasticsearch nodes must be able to communicate with Graylog and vice versa. Check the Elasticsearch cluster name in all config files and make sure that the

[graylog2] Re: Graylog cluster: using two different elasticsearch cluster

2016-09-28 Thread Jochen Schalanda
Hi, On Wednesday, 28 September 2016 17:47:01 UTC+2, sangh wrote: > > Is it possible to use two different elasticsearch cluster for a graylog > cluster > That's currently not possible but planned for a future version of Graylog. It will not make it into Graylog 2.2.x, though. Cheers, Jochen

[graylog2] Re: Using the Beats inputs - forwarder configuration

2016-09-28 Thread Jochen Schalanda
Hi Chris, which version of filebeat are you using? Has any new content been added/appended to the log files you're monitoring after you've started filebeat? Also take note that you can use the Graylog Collector Sidecar to manage filebeat instances on your machines:

[graylog2] Re: Wrongly arranged data in csv export

2016-09-28 Thread Jochen Schalanda
Hi Avdhoot, while this is in some cases inconvenient, the CSV export does not retain message order by time (or any other field order) because of the internals used to gather the data ( https://www.elastic.co/guide/en/elasticsearch/reference/2.4/search-request-scroll.html ). You're welcome to

[graylog2] Re: Displayed columns and their order in saved searches

2016-09-28 Thread Jochen Schalanda
Hi Daniel, On Tuesday, 27 September 2016 20:33:26 UTC+2, Daniel Niasoff wrote: > > Is it meant to save the display settings and perhaps I am doing something > wrong? > No, Saved Searches really only store the search query and the title. Selected message fields are not stored. If you think

[graylog2] Re: Processing of stream failed to return within 2000ms.

2016-09-27 Thread Jochen Schalanda
Hi, from your screenshot it seems pretty clear that Elasticsearch can't index messages at the same rate that they are ingested and processed by Graylog. On Tuesday, 27 September 2016 17:57:16 UTC+2, juli...@gmail.com wrote: > > So process is when be when message is actually parsed and output

[graylog2] Re: Processing of stream failed to return within 2000ms.

2016-09-27 Thread Jochen Schalanda
Hi, On Tuesday, 27 September 2016 16:50:44 UTC+2, juli...@gmail.com wrote: > > Thanks for the links but isn't the problem with the Kafka journal more > than ES indexing really? And isn't lowering processors an issue considering > the bottleneck? > the disk journal is rarely the problem. Check

Re: [graylog2] Broken Streams?

2016-09-27 Thread Jochen Schalanda
d into the stream). I >> also have verified that sending a test alert from the stream works >> successfully, so it doesn't appear to be an issue with Graylog talking to >> the mail server. Any help or ideas would be appreciated. If there is >> additional info I can provide, ple

[graylog2] Re: Web interface not starting-Graylog-v2.1.0

2016-09-27 Thread Jochen Schalanda
: > > Hi Jochen, > > I have uploaded elasticsearch and graylog configuration file and also web > interface screenshot. > > Please guide. > > Regards, > Shrawan > > On Tuesday, 27 September 2016 18:23:07 UTC+5:30, Jochen Schalanda wrote: >> >> Hi Shraw

[graylog2] Re: Processing of stream failed to return within 2000ms.

2016-09-27 Thread Jochen Schalanda
re if ring size will > change anything. And raising journal from 1GB to 5GB only delayed the > issue. > > > On Tuesday, 27 September 2016 06:12:36 UTC-4, Jochen Schalanda wrote: >> >> Hi, >> >> On Monday, 26 September 2016 16:31:21 UTC+2, juli...@gmail.com

[graylog2] Re: Web interface not starting-Graylog-v2.1.0

2016-09-27 Thread Jochen Schalanda
Hi Shrawan, On Tuesday, 27 September 2016 14:07:49 UTC+2, Shrawan Bhagwat wrote: > > please tell me again what info i have to provide. > Your current configuration (Graylog and Elasticsearch), the logs of your Graylog and Elasticsearch nodes, and the error messages from the

[graylog2] Re: Processing of stream failed to return within 2000ms.

2016-09-27 Thread Jochen Schalanda
Hi, On Monday, 26 September 2016 16:31:21 UTC+2, juli...@gmail.com wrote: > > As a 'coincidence', the journal filled up to maximum capacity (and > failed) really quickly during the same period due to spikes in events at > that time (expected) so I adjusted the journal > size,

[graylog2] Re: Web interface not starting-Graylog-v2.1.0

2016-09-27 Thread Jochen Schalanda
/2.0/pages/configuration/web_interface.html on > this URL. > > Please guide. > > Regards, > Shrawan > > On Monday, 26 September 2016 20:23:33 UTC+5:30, Jochen Schalanda wrote: >> >> Hi Shrawan, >> >> that's still not the required information. P

[graylog2] Re: Error Initialising publisher: No outputs are defined. Please define one under the output section in graylog collector sidecar and filebeat

2016-09-27 Thread Jochen Schalanda
"apache" but it doesn't work. > > On Monday, September 26, 2016 at 2:43:23 PM UTC+7, Jochen Schalanda wrote: >> >> Hi, >> >> did you assign the correct tags ("apache") in your collector_sidecar.yml >> file? See >> http:

[graylog2] Re: ELastic search for logs in graylog server

2016-09-27 Thread Jochen Schalanda
Hi Sam, On Tuesday, 27 September 2016 01:29:02 UTC+2, sam wrote: > > As said like elastic search is responsible for storing the logs. Other > than graylog web interface, is there anyway I could look for those stored > logs in elastic search (where the logs are stored) URL (If there such kind >

[graylog2] Re: Reference Configuration with Graylog

2016-09-26 Thread Jochen Schalanda
Hi Evgueni, see http://docs.graylog.org/en/2.1/pages/architecture.html#bigger-production-setup for an example HA production setup. Cheers, Jochen On Monday, 26 September 2016 21:14:33 UTC+2, Evgueni Gordienko wrote: > > Hi All, > > Is there any suggested/reference configuration with Graylog

[graylog2] Re: Web interface not starting-Graylog-v2.1.0

2016-09-26 Thread Jochen Schalanda
Hi Shrawan, that's still not the required information. Please adapt the command to your MongoDB configuration (localhost/127.0.0.1 is obviously not the correct MongoDB server). Cheers, Jochen On Monday, 26 September 2016 16:19:06 UTC+2, Shrawan Bhagwat wrote: > > Hi Jochen, > > I am getting

[graylog2] Re: Elasticsearch bulk api with gelf http input

2016-09-26 Thread Jochen Schalanda
Hi, On Monday, 26 September 2016 15:20:24 UTC+2, eugen@googlemail.com wrote: > > could it be that the gelf http input type is not able to handle bulk > requests? > Yes, that's correct. Why did you think it would support this? Cheers, Jochen

[graylog2] Re: nginx reverse proxy messing up gl2_remote_ip

2016-09-26 Thread Jochen Schalanda
Hi Daniele, your client has to set the "host" field of the GELF message correctly: http://docs.graylog.org/en/2.1/pages/gelf.html#gelf-format-specification Cheers, Jochen On Monday, 26 September 2016 10:50:17 UTC+2, Daniele wrote: > > Hi, > > we're using nginx as reverse proxy in front of our

[graylog2] Re: Using the Beats inputs - forwarder configuration

2016-09-26 Thread Jochen Schalanda
Hi Chris, On Saturday, 24 September 2016 21:11:22 UTC+2, Chris wrote: > > I am curious as to what the beats forwarders configuration should be. I am > used to using Logstash to parse logs before sending to Elasticsearch so I > am wondering how the Graylog Beats input works? Is the data sent

[graylog2] Re: Error Initialising publisher: No outputs are defined. Please define one under the output section in graylog collector sidecar and filebeat

2016-09-26 Thread Jochen Schalanda
Hi, did you assign the correct tags ("apache") in your collector_sidecar.yml file? See http://docs.graylog.org/en/2.1/pages/collector_sidecar.html#configuration for details. Cheers, Jochen On Monday, 26 September 2016 05:47:41 UTC+2, GiangCoi Mr wrote: > > Hi all > > I started with this

[graylog2] Re: MongoDB issues

2016-09-26 Thread Jochen Schalanda
Hi Werner, make sure that the node ID ( https://github.com/Graylog2/graylog2-server/blob/master/misc/graylog.conf#L49-L51) didn't change during the upgrade of that Graylog installation. Inputs are bound to the node ID, so changing the node ID means, that inputs for that node won't be found.

[graylog2] Re: graylog search head

2016-09-26 Thread Jochen Schalanda
Hi Max, unless your Graylog Cluster spans all data centers (not recommended, though), that's currently not possible. Cheers, Jochen On Friday, 23 September 2016 23:54:09 UTC+2, max xu wrote: > > Hi, > > Our environment is distributed (multiple datacenters). Our search will > need to cover all

[graylog2] Re: Graylog2 timestamp issue

2016-09-23 Thread Jochen Schalanda
Hi, this is essentially the same timestamp with different timezones. Currently, only the display of the "main" column is being converted to the user's configured timezone, while the field in the detail view of a message is not (still being essentially the same timestamp). There is already an

[graylog2] Re: Client IP in Log message

2016-09-23 Thread Jochen Schalanda
Hi Andy, as already mentioned on IRC, you can use the message processing pipelines to copy the contents of the "gl2_remote_ip" or "gl2_remote_hostname" field into the "source" message field: http://docs.graylog.org/en/2.1/pages/pipelines.html Cheers, Jochen On Friday, 23 September 2016

[graylog2] Re: Web interface not starting-Graylog-v2.1.0

2016-09-23 Thread Jochen Schalanda
Hi Shrawan, that's not the command I mentioned. Cheers, Jochen On Friday, 23 September 2016 15:41:22 UTC+2, Shrawan Bhagwat wrote: > > Hi Jochen, > > i have got following output after executing that command: > > ./mongo 192.168.178.228/Graylog > MongoDB shell version: 3.2.9 > connecting to:

[graylog2] Re: unable to figure out permissions using REST API

2016-09-23 Thread Jochen Schalanda
Hi Jason, the required permissions are: - searches:absolute - searches:keyword - searches:relative See https://github.com/Graylog2/graylog2-server/blob/2.1.1/graylog2-server/src/main/java/org/graylog2/shared/security/RestPermissions.java#L106-L108 Cheers, Jochen On Thursday, 22

[graylog2] Re: Graylog Stream Messages Disappearing

2016-09-23 Thread Jochen Schalanda
Hi Kenneth, On Thursday, 22 September 2016 21:32:49 UTC+2, Kenneth Gyan wrote: > > When you say index, do you mean the input? > No, I mean index: http://docs.graylog.org/en/2.1/pages/index_model.html On Thursday, 22 September 2016 21:32:49 UTC+2, Kenneth Gyan wrote: > Also how can i check the

[graylog2] Re: Graylog 2.0.1 Web Interface Issue

2016-09-22 Thread Jochen Schalanda
Hi Chris, On Thursday, 22 September 2016 10:57:20 UTC+2, Chris wrote: > > /etc/graylog/graylog-settings.json > If you're using the graylog-ctl script, manual changes in the Graylog configuration file will be overwritten if

[graylog2] Re: Graylog Stream Messages Disappearing

2016-09-22 Thread Jochen Schalanda
Hi Kenneth, retention currently only works on index-level, not on stream-level. What exactly do you mean with disappears? Can you still find the message via the universal search? Is the index containing the message still available? Cheers, Jochen On Thursday, 22 September 2016 05:03:45

[graylog2] Re: Broken Streams?

2016-09-22 Thread Jochen Schalanda
Hi, what's the exact alert condition you're using? Kindly include some example messages, too. Cheers, Jochen On Wednesday, 21 September 2016 18:29:00 UTC+2, Nathan Mace wrote: > > Recently upgraded to 2.1 and just noticed this behavior. > > I have a stream that matches against two rules: > >

[graylog2] Re: Error - the server returned: 404 - on login

2016-09-22 Thread Jochen Schalanda
Hi Evgueni, please post your Graylog configuration and tell us more about your network setup (e. g. on which systems Graylog and Elasticsearch are running). Cheers, Jochen On Wednesday, 21 September 2016 21:40:05 UTC+2, Evgueni Gordienko wrote: > > Hi, > > I have graylog2 (2.1) working fine

Re: [graylog2] Re: Graylog configuration of filebeat and graylog collector sidecar

2016-09-21 Thread Jochen Schalanda
Hi Kunal, On Wednesday, 21 September 2016 17:00:48 UTC+2, Kunal Patil wrote: > > I m unable to fetch multiline logs > Please help with that > nxlog supports parsing multiline messages, see https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#xm_multiline for details. Cheers, Jochen >

[graylog2] Re: Issues after upgrading to 2.1

2016-09-21 Thread Jochen Schalanda
Hi Chris, what's the output of the following curl commands if you run it on the machine your web browser is running on? curl -v -X GET http://10.18.16.15:9000/ curl -v -X GET -H 'Accept: application/json' http://10.18.16.15:9000/api/ The long GC pauses (over 1 minute is really bad and

[graylog2] Re: Graylog 2.1.1 Web Interface Problem

2016-09-21 Thread Jochen Schalanda
Hi Chris, according to the details you've shared previously, the correct value for web_endpoint_uri would be http://MY_AWS_RT53_DNS:12900/api/. Cheers, Jochen On Wednesday, 21 September 2016 12:37:01 UTC+2, Chris wrote: > > Thanks Jochen, > > I have updated the web_endpoint_uri to: > >

[graylog2] Re: send owncloud/nextcloud logs to graylog

2016-09-21 Thread Jochen Schalanda
Hi Stefan, On Wednesday, 21 September 2016 12:08:02 UTC+2, Stefan Krüger wrote: > > will graylog create his own log shipper in the near future? > I think some people want to have one solution from one source > Been there, done that. In other words: no.

Re: [graylog2] Re: Graylog configuration of filebeat and graylog collector sidecar

2016-09-21 Thread Jochen Schalanda
Hi Kunal, we can't help you without more details about what you did, what you expected it to do, and what it actually did. If you think that there are steps missing in the documentation, feel free to open an issue at https://github.com/Graylog2/documentation/issues. And last but not least,

[graylog2] Re: Compress collected data or move to a new HDD?

2016-09-21 Thread Jochen Schalanda
Hi, Phil already mentioned the part of the Graylog documentation explaining how to expand the disk space in the virtual machine appliances: http://docs.graylog.org/en/2.1/pages/configuration/graylog_ctl.html#extend-ova-disk You can also activate a better compression in Elasticsearch at the

[graylog2] Re: Node agent install weblogic

2016-09-20 Thread Jochen Schalanda
Hi Rajesh, what is a "WL server in Linux"? In general, take a look at the Graylog documentation: http://docs.graylog.org/en/2.1/pages/collector_sidecar.html Cheers, Jochen On Tuesday, 20 September 2016 11:43:42 UTC+2, Rajesh Basa wrote: > > Hi , > > I have installed graylog server software in

[graylog2] Re: Debian Jessie Graylog 2.1 Apache 2.4 - Cannot access web interface

2016-09-20 Thread Jochen Schalanda
Hi Wesley, your rest_transport_uri setting is wrong. Either leave it completely out (so that the default is being used; in this case you have to set web_endpoint_uri

Re: [graylog2] Re: geolocation problem

2016-09-20 Thread Jochen Schalanda
> I had tried all fields with the same error. The file is the classic > apache2 access.log file. > > Thanks > > Tony > > 2016-09-19 8:48 GMT+01:00 Jochen Schalanda: > >> Hi Tony, >> >> what field do you try to graph on the map widget and what are the

[graylog2] Re: problem connecting to the web server.

2016-09-20 Thread Jochen Schalanda
Hi, 192.168.0.1 is obviously an IP address from a private IP range. You need to configure the public URI or IP address of your Graylog REST API (the Elastic IP one) using the web_endpoint_uri setting.

[graylog2] Re: connection string of mongodb with ipv6 and port

2016-09-19 Thread Jochen Schalanda
nection now open) > 2016-09-19T11:46:06.667Z I ACCESS [conn37] Successfully authenticated as > principal jenkins on graylog > 2016-09-19T11:46:20.731Z I NETWORK [conn37] end connection > 2003:1b3b:fffc:11b:4252:1098:c965:6dd1:43124 (0 connections now open) > > > > O

[graylog2] Re: Graylog compiled pipeline-processor plugin source is not successful

2016-09-19 Thread Jochen Schalanda
Hi, please make sure to use a version of the pipeline-processor plugin which is compatible with your version of Graylog. Additionally make sure to clear your browser cache to rule out problems with that. Cheers, Jochen On Monday, 19 September 2016 11:04:43 UTC+2, 周津宁 wrote: > > hello: >

[graylog2] Re: unable to login to web interface graylog AMI

2016-09-19 Thread Jochen Schalanda
ver. > > On Monday, September 19, 2016 at 1:14:24 PM UTC+5:30, Jochen Schalanda > wrote: >> >> Hi, >> >> how exactly did you install Graylog and how did you configure it? >> >> Please try explicitly setting Graylog's external addresses with the >> gray

[graylog2] Re: connection string of mongodb with ipv6 and port

2016-09-19 Thread Jochen Schalanda
) > ~[graylog.jar:?] > at > com.mongodb.connection.MultiServerCluster.handleReplicaSetMemberChanged(MultiServerCluster.java:217) > > ~[graylog.jar:?] > at > com.mongodb.connection.MultiServerCluster.onChange(MultiServerCluster.java:164) > > ~[graylog.jar:?] > at

[graylog2] Re: connection string of mongodb with ipv6 and port

2016-09-19 Thread Jochen Schalanda
Hi Shah, unfortunately this seems to be a bug in the MongoDB Java driver which Graylog is using under the hood (see https://jira.mongodb.org/browse/JAVA-2220) but which has been fixed in a more recent version of the driver (see https://jira.mongodb.org/browse/JAVA-2245). Graylog 2.1.x is using

[graylog2] Re: Reg: Histogram time frame and message time stamp

2016-09-19 Thread Jochen Schalanda
Hi Manimaran, please describe the problem in more detail and include some examples. Cheers, Jochen On Sunday, 18 September 2016 20:31:19 UTC+2, Manimaran N wrote: > > > I have configured graylog server 2.0.X. But I am facing the issue in search. > Able to see the message input in regularly.

[graylog2] Re: Web interface not starting-Graylog-v2.1.0

2016-09-16 Thread Jochen Schalanda
Hi Shrawan, it seems like there's a bug in the status collector for MongoDB. Could you please share your MongoDB configuration (probably /etc/mongod.conf) and share the output of the db.serverStatus() command in the mongo

[graylog2] Re: Using kopf plugin to change *_geolocation fields type to geo_point

2016-09-15 Thread Jochen Schalanda
Hi Aykisn, On Thursday, 15 September 2016 07:56:05 UTC+2, Aykisn wrote: > > I edited the graylog-internal template to add the geolocation fields to > convert them to geo_point. > Graylog will check and overwrite its internal template (graylog-internal), so changing this will have no effect at

[graylog2] Re: Deflector throwing exception during rotation

2016-09-15 Thread Jochen Schalanda
Hi Mayur, thanks for letting us know! While the scenario leading to this error message seems to be quite an edge-case, the handling of it inside Graylog wasn't 100% correct. I've created a bug report (and fix) for this issue at https://github.com/Graylog2/graylog2-server/pull/2833 and it

[graylog2] Re: elasticsearch network.host address

2016-09-14 Thread Jochen Schalanda
Hi Michael, this setting can currently not be overridden in the OVA. Could you elaborate on why Kibana can't access Elasticsearch on the primary network interface of the VM (which is where the IP address comes from) and has to access it on 127.0.0.1? Cheers, Jochen On Wednesday, 14 September

[graylog2] Re: Extract/Backup logs that Graylog received

2016-09-14 Thread Jochen Schalanda
> > OK thanks for that answer :) > > So it is Elasticsearch who will be greedy of disk storage capacity? > > On Tuesday, 13 September 2016 16:09:32 UTC+2, Jochen Schalanda wrote: >> >> Hi William, >> >> Graylog is indexing all log messages into Elasticsearch >>

[graylog2] Re: How to use the "copy input" extractor for the geolocation fields ?

2016-09-13 Thread Jochen Schalanda
Hi Aykisn, the GeoIP processor probably only runs after the extractors in your setup, so that at the time the extractors are running, the rp_ip_geolocation field doesn't exist. You can change the running order on the System / Configurations / Message Processors Configuration page in the

[graylog2] Re: Registering rest resource for custom Graylog plugin

2016-09-12 Thread Jochen Schalanda
Hi Trisha, On Monday, 12 September 2016 17:57:14 UTC+2, Trisha Funtanilla wrote: > > I tried to make a simple GET request as a test to the api url: > http://gl_host_name:12900/path where path is the value I annotated with > @Path. > Plugin JAX-RS resources are imported using a specific

[graylog2] Re: Forwarding events from OSSEC to Graylog using CEF UDP Plugin not working.

2016-09-10 Thread Jochen Schalanda
Hi Georges, Graylog (i. e. "graylog-server") needs to be restarted after a plugin has been installed (i. e. the JAR file has been copied into the plugin directory). Other components, such as Elasticsearch or MongoDB, do not need to be restarted. Cheers, Jochen On Saturday, 10 September 2016

[graylog2] Re: 2.1 new api brower url take long time to return

2016-09-09 Thread Jochen Schalanda
can disable internet font reference ? > > >Disable the loading of external resource, or vendor the font. > > tj > > On Friday, September 9, 2016 at 7:33:21 AM UTC-5, Jochen Schalanda wrote: >> >> Hi, >> >> there's a related bug report for this is
