Hi, I'm running graylog2 v1.3.2 and I'm unable to determine what is causing these 2 alerts as follows. Any help is much appreciated -
1. in server.log - seeing - 2016-03-17T23:03:09.164-04:00 ERROR [AlertScannerThread] Skipping alert check that threw an exception. org.elasticsearch.action.search.SearchPhaseExecutionException: Failed to execute phase [query], all shards failed; shardFailures {[8yQnL_LOSwCNrm8-R7rz1A][graylog2_0][0]: RemoteTransportException[[graylog-es][inet[/10.30.20.52:9300]][indices:data/read/search[phase/query]]]; nested: NotSerializableTransportException[[org.elasticsearch.search.SearchParseException] [graylog2_0][0]: from[0],size[1]: Parse Failure [Failed to parse source [{"from":0,"size":1,"query":{"filtered":{"query":{"query_string":{"query":"message:\"\"PowerManager: %PWRMGMT-4-INPUT_POWER_OK: PowerSupply2 has regained input power. \"\"","allow_leading_wildcard":false}},"filter":{"bool":{"must":[{"range":{"timestamp":{"from":"2016-03-18 03:02:09.160","to":"2016-03-18 03:03:09.160","include_lower":true,"include_upper":true}}},{"query":{"query_string":{"query":"streams:56dd5fefe4b0a612b3e8f460"}}}]}}}},"sort":[{"timestamp":{"order":"desc"}}]}]]; [graylog2_0] Failed to parse query [message:""PowerManager: %PWRMGMT-4-INPUT_POWER_OK: PowerSupply2 has regained input power. ""]; Cannot parse 'message:""PowerManager: %PWRMGMT-4-INPUT_POWER_OK: PowerSupply2 has regained input power. ""': Encountered " ":" ": "" at line 1, column 50. Was expecting one of: <EOF> <AND> ... <OR> ... <NOT> ... "+" ... "-" ... <BAREOPER> ... "(" ... "*" ... "^" ... <QUOTED> ... <TERM> ... <FUZZY_SLOP> ... <PREFIXTERM> ... <WILDTERM> ... <REGEXPTERM> ... "[" ... "{" ... <NUMBER> ... ; Encountered " ":" ": "" at line 1, column 50. The switch is sending that syslog message as seen so I'm not sure what is the proper resolution on this. Col 50 is the colon right after after the INPUT_POWER_OK in the message. Why would it complain about this colon? 2. in application.log seeing - 2016-03-18T09:51:49.902-04:00 - [ERROR] - from org.graylog2.restclient.models.UserService in play-akka.actor.default-dispatcher-4 Unauthorized to load user XXXXXX org.graylog2.restclient.lib.APIException: API call failed GET http://@graylog-web:12900/users/XXXXX returned 401 Unauthorized body: at org.graylog2.restclient.lib.ApiClientImpl$ApiRequestBuilder.handleResponse(ApiClientImpl.java:511) ~[org.graylog2.graylog2-rest-client--1.3.2-1.3.2.jar:na] at org.graylog2.restclient.lib.ApiClientImpl$ApiRequestBuilder.execute(ApiClientImpl.java:441) ~[org.graylog2.graylog2-rest-client--1.3.2-1.3.2.jar:na] at org.graylog2.restclient.models.UserService.retrieveUserWithSessionId(UserService.java:162) ~[org.graylog2.graylog2-rest-client--1.3.2-1.3.2.jar:na] at lib.security.RedirectAuthenticator.authenticateSessionUser(RedirectAuthenticator.java:122) [graylog-web-interface.graylog-web-interface-1.3.2.jar:1.3.2] at lib.security.RedirectAuthenticator.getUsername(RedirectAuthenticator.java:55) [graylog-web-interface.graylog-web-interface-1.3.2.jar:1.3.2] at play.mvc.Security$AuthenticatedAction.call(Security.java:37) [com.typesafe.play.play_2.10-2.3.10.jar:2.3.10] at play.core.j.JavaAction$$anonfun$11.apply(JavaAction.scala:82) [com.typesafe.play.play_2.10-2.3.10.jar:2.3.10] at play.core.j.JavaAction$$anonfun$11.apply(JavaAction.scala:82) [com.typesafe.play.play_2.10-2.3.10.jar:2.3.10] at scala.concurrent.impl.Future$PromiseCompletingRunnable.liftedTree1$1(Future.scala:24) [org.scala-lang.scala-library-2.10.4.jar:na] at scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:24) [org.scala-lang.scala-library-2.10.4.jar:na] at play.core.j.HttpExecutionContext$$anon$2.run(HttpExecutionContext.scala:40) [com.typesafe.play.play_2.10-2.3.10.jar:2.3.10] at play.api.libs.iteratee.Execution$trampoline$.execute(Execution.scala:46) [com.typesafe.play.play-iteratees_2.10-2.3.10.jar:2.3.10] at play.core.j.HttpExecutionContext.execute(HttpExecutionContext.scala:32) [com.typesafe.play.play_2.10-2.3.10.jar:2.3.10] at scala.concurrent.impl.Future$.apply(Future.scala:31) [org.scala-lang.scala-library-2.10.4.jar:na] at scala.concurrent.Future$.apply(Future.scala:485) [org.scala-lang.scala-library-2.10.4.jar:na] at play.core.j.JavaAction$class.apply(JavaAction.scala:82) [com.typesafe.play.play_2.10-2.3.10.jar:2.3.10] at play.core.Router$HandlerInvokerFactory$JavaActionInvokerFactory$$anon$15$$anon$1.apply(Router.scala:252) [com.typesafe.play.play_2.10-2.3.10.jar:2.3.10] at play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4$$anonfun$apply$5.apply(Action.scala:130) [com.typesafe.play.play_2.10-2.3.10.jar:2.3.10] at play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4$$anonfun$apply$5.apply(Action.scala:130) [com.typesafe.play.play_2.10-2.3.10.jar:2.3.10] at play.utils.Threads$.withContextClassLoader(Threads.scala:21) [com.typesafe.play.play_2.10-2.3.10.jar:2.3.10] at play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4.apply(Action.scala:129) [com.typesafe.play.play_2.10-2.3.10.jar:2.3.10] at play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4.apply(Action.scala:128) [com.typesafe.play.play_2.10-2.3.10.jar:2.3.10] at scala.Option.map(Option.scala:145) [org.scala-lang.scala-library-2.10.4.jar:na] at play.api.mvc.Action$$anonfun$apply$1.apply(Action.scala:128) [com.typesafe.play.play_2.10-2.3.10.jar:2.3.10] at play.api.mvc.Action$$anonfun$apply$1.apply(Action.scala:121) [com.typesafe.play.play_2.10-2.3.10.jar:2.3.10] at play.api.libs.iteratee.Iteratee$$anonfun$mapM$1.apply(Iteratee.scala:483) [com.typesafe.play.play-iteratees_2.10-2.3.10.jar:2.3.10] at play.api.libs.iteratee.Iteratee$$anonfun$mapM$1.apply(Iteratee.scala:483) [com.typesafe.play.play-iteratees_2.10-2.3.10.jar:2.3.10] at play.api.libs.iteratee.Iteratee$$anonfun$flatMapM$1.apply(Iteratee.scala:519) [com.typesafe.play.play-iteratees_2.10-2.3.10.jar:2.3.10] at play.api.libs.iteratee.Iteratee$$anonfun$flatMapM$1.apply(Iteratee.scala:519) [com.typesafe.play.play-iteratees_2.10-2.3.10.jar:2.3.10] at play.api.libs.iteratee.Iteratee$$anonfun$flatMap$1$$anonfun$apply$14.apply(Iteratee.scala:496) [com.typesafe.play.play-iteratees_2.10-2.3.10.jar:2.3.10] at play.api.libs.iteratee.Iteratee$$anonfun$flatMap$1$$anonfun$apply$14.apply(Iteratee.scala:496) [com.typesafe.play.play-iteratees_2.10-2.3.10.jar:2.3.10] at scala.concurrent.impl.Future$PromiseCompletingRunnable.liftedTree1$1(Future.scala:24) [org.scala-lang.scala-library-2.10.4.jar:na] at scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:24) [org.scala-lang.scala-library-2.10.4.jar:na] at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:41) [com.typesafe.akka.akka-actor_2.10-2.3.5.jar:na] at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:393) [com.typesafe.akka.akka-actor_2.10-2.3.5.jar:na] at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260) [org.scala-lang.scala-library-2.10.4.jar:na] at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339) [org.scala-lang.scala-library-2.10.4.jar:na] at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979) [org.scala-lang.scala-library-2.10.4.jar:na] at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107) [org.scala-lang.scala-library-2.10.4.jar:na] Is this because a user's session has timed out but the browser javascript is still running and attempting to contact graylog2 server with an expired session key now? How do I resolve this? it is writing to the log every few seconds. Is the only solution to close the users browser/stop javascript on client side? Thanks, -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/4f705f25-e93b-449b-a0ae-2131559e9ffa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.