Depends a bit on how you are collecting... but iwth NXLog you can add the
following to the output sections
Exec $Hostname = host_ip();
If you are using the collectors you can add this in the verbatim config
section for your outputs.
You could also use the same trick to instead add another
a on any machine that has network access to the
elasticsearch cluster
On Thursday, 15 September 2016 04:10:05 UTC+10, Daniel Reif wrote:
>
> Michael Anthon,
> *you could publish your kibana.yml?I am unable to do Kibana find my
> ElasticSearch cluster and load messages.*
> Em quart
Hi All,
Every time I run the reconfigure command at the moment it updated the
"network.host" entry in /opt/graylog/elasticsearch/config/elasticsearch.yml
to the network address of the machine instead of the (for me) desired
0.0.0.0 (I have Kibana running on the server as well attempting to
I ran into this issue last night as well. It seems to me (from looking at
the beats doco) that beats doesn't handle multiple outputs. I'm not sure
how graylog is deciding which output to use but it seems that we can't use
this type of setup for beats (regardless of the fact that the interface
nt to see everything from something
> specific without noise from another and without the need for a stream.
>
> -
>
> On Wednesday, September 7, 2016 at 4:01:08 AM UTC-6, Michael Anthon wrote:
>>
>> While our system currently isn't that large I'm trying to determine t
While our system currently isn't that large I'm trying to determine the
best way to configure Graylog to make future updates and extensions simple
to manage.
Where I'm struggling with this is with the impact in terms of performance
of configuring things certain ways.
So, for example, we have
Hi All,
I have just attempted to set up filebeat and winlogbeat to see how they
perform but ran into a bit of an issue with using winlogbeat and TLS
connections.
The config file generated look (in part) like this for an output defined in
collectors with "Enable TLS support" and "Insecure TLS
questions. In your case
> I guess you updated the collector server plugin but didn't do the same for
> the sidecar itself. After installing the latest sidecar version the fields
> should be gone and the config should be valid again.
>
> Cheers,
> Marius
>
>
> On 24
Going by the headers I'm guessing that's an IIS log? As Jochen suggested
previously, Grok is your friend.
These are the patterns I'm using for my IIS logs (one for entries with a
referer and one without)
%{YEAR:year;int}-%{MONTHNUM:monthnum;int}-%{MONTHDAY:monthday;int}[T ](?!<[0
ector/issues/13
> Should be available in Graylog 2.1.0-RC1
>
> Cheers,
> Marius
>
>
> On 12 August 2016 at 13:20, Michael Anthon <michael...@infoview.com.au
> > wrote:
>
>> Thanks Marius,
>> I've just upgraded to the latest beta and it certainly is lo
Thanks Marius,
I've just upgraded to the latest beta and it certainly is looking a lot
better, it also looks like it might solve another issue I was going to
raise with the verbatim configurations since we want to do some custom
processing on inputs to strip sensitive data before it's sent over
Oh yeah, I should have mentioned that sorry !
- Graylog 2.0.3 (installed from current AWS AMI just a few days ago)
- nxlog-ce-2.9.1716
On Friday, 12 August 2016 00:55:59 UTC+10, Michael Anthon wrote:
>
> Hi All,
> Is there a way to use the new collector setup to use SSL?
Hi All,
Is there a way to use the new collector setup to use SSL? Maybe I'm just
missing something but there doesn't seem to be a way to enable it.
I have set up an input that uses SSL and configured nxlog manually to send
to this input successfully. The output definition in nxlog looks like
13 matches
Mail list logo