Hi,
I'm running graylog2 v1.3.2 and I'm unable to determine what is causing
these 2 alerts as follows. Any help is much appreciated -
1. in server.log -
seeing -
2016-03-17T23:03:09.164-04:00 ERROR [AlertScannerThread] Skipping alert
check that threw an exception.
org.elasticsearch.action.search.SearchPhaseExecutionException: Failed to
execute phase [query], all shards failed; shardFailures
{[8yQnL_LOSwCNrm8-R7rz1A][graylog2_0][0]:
RemoteTransportException[[graylog-es][inet[/10.30.20.52:9300]][indices:data/read/search[phase/query]]];
nested:
NotSerializableTransportException[[org.elasticsearch.search.SearchParseException]
[graylog2_0][0]: from[0],size[1]: Parse Failure [Failed to parse source
[{"from":0,"size":1,"query":{"filtered":{"query":{"query_string":{"query":"message:\"\"PowerManager:
%PWRMGMT-4-INPUT_POWER_OK: PowerSupply2 has regained input power.
\"\"","allow_leading_wildcard":false}},"filter":{"bool":{"must":[{"range":{"timestamp":{"from":"2016-03-18
03:02:09.160","to":"2016-03-18
03:03:09.160","include_lower":true,"include_upper":true}}},{"query":{"query_string":{"query":"streams:56dd5fefe4b0a612b3e8f460"}}}]}}}},"sort":[{"timestamp":{"order":"desc"}}]}]];
[graylog2_0] Failed to parse query [message:""PowerManager:
%PWRMGMT-4-INPUT_POWER_OK: PowerSupply2 has regained input power. ""];
Cannot parse 'message:""PowerManager: %PWRMGMT-4-INPUT_POWER_OK:
PowerSupply2 has regained input power. ""': Encountered " ":" ": "" at line
1, column 50.
Was expecting one of:
<EOF>
<AND> ...
<OR> ...
<NOT> ...
"+" ...
"-" ...
<BAREOPER> ...
"(" ...
"*" ...
"^" ...
<QUOTED> ...
<TERM> ...
<FUZZY_SLOP> ...
<PREFIXTERM> ...
<WILDTERM> ...
<REGEXPTERM> ...
"[" ...
"{" ...
<NUMBER> ...
; Encountered " ":" ": "" at line 1, column 50.
The switch is sending that syslog message as seen so I'm not sure what is
the proper resolution on this. Col 50 is the colon right after after the
INPUT_POWER_OK in the message. Why would it complain about this colon?
2. in application.log seeing -
2016-03-18T09:51:49.902-04:00 - [ERROR] - from
org.graylog2.restclient.models.UserService in
play-akka.actor.default-dispatcher-4
Unauthorized to load user XXXXXX
org.graylog2.restclient.lib.APIException: API call failed GET
http://@graylog-web:12900/users/XXXXX returned 401 Unauthorized body:
at
org.graylog2.restclient.lib.ApiClientImpl$ApiRequestBuilder.handleResponse(ApiClientImpl.java:511)
~[org.graylog2.graylog2-rest-client--1.3.2-1.3.2.jar:na]
at
org.graylog2.restclient.lib.ApiClientImpl$ApiRequestBuilder.execute(ApiClientImpl.java:441)
~[org.graylog2.graylog2-rest-client--1.3.2-1.3.2.jar:na]
at
org.graylog2.restclient.models.UserService.retrieveUserWithSessionId(UserService.java:162)
~[org.graylog2.graylog2-rest-client--1.3.2-1.3.2.jar:na]
at
lib.security.RedirectAuthenticator.authenticateSessionUser(RedirectAuthenticator.java:122)
[graylog-web-interface.graylog-web-interface-1.3.2.jar:1.3.2]
at
lib.security.RedirectAuthenticator.getUsername(RedirectAuthenticator.java:55)
[graylog-web-interface.graylog-web-interface-1.3.2.jar:1.3.2]
at play.mvc.Security$AuthenticatedAction.call(Security.java:37)
[com.typesafe.play.play_2.10-2.3.10.jar:2.3.10]
at play.core.j.JavaAction$$anonfun$11.apply(JavaAction.scala:82)
[com.typesafe.play.play_2.10-2.3.10.jar:2.3.10]
at play.core.j.JavaAction$$anonfun$11.apply(JavaAction.scala:82)
[com.typesafe.play.play_2.10-2.3.10.jar:2.3.10]
at
scala.concurrent.impl.Future$PromiseCompletingRunnable.liftedTree1$1(Future.scala:24)
[org.scala-lang.scala-library-2.10.4.jar:na]
at
scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:24)
[org.scala-lang.scala-library-2.10.4.jar:na]
at
play.core.j.HttpExecutionContext$$anon$2.run(HttpExecutionContext.scala:40)
[com.typesafe.play.play_2.10-2.3.10.jar:2.3.10]
at
play.api.libs.iteratee.Execution$trampoline$.execute(Execution.scala:46)
[com.typesafe.play.play-iteratees_2.10-2.3.10.jar:2.3.10]
at
play.core.j.HttpExecutionContext.execute(HttpExecutionContext.scala:32)
[com.typesafe.play.play_2.10-2.3.10.jar:2.3.10]
at scala.concurrent.impl.Future$.apply(Future.scala:31)
[org.scala-lang.scala-library-2.10.4.jar:na]
at scala.concurrent.Future$.apply(Future.scala:485)
[org.scala-lang.scala-library-2.10.4.jar:na]
at play.core.j.JavaAction$class.apply(JavaAction.scala:82)
[com.typesafe.play.play_2.10-2.3.10.jar:2.3.10]
at
play.core.Router$HandlerInvokerFactory$JavaActionInvokerFactory$$anon$15$$anon$1.apply(Router.scala:252)
[com.typesafe.play.play_2.10-2.3.10.jar:2.3.10]
at
play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4$$anonfun$apply$5.apply(Action.scala:130)
[com.typesafe.play.play_2.10-2.3.10.jar:2.3.10]
at
play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4$$anonfun$apply$5.apply(Action.scala:130)
[com.typesafe.play.play_2.10-2.3.10.jar:2.3.10]
at play.utils.Threads$.withContextClassLoader(Threads.scala:21)
[com.typesafe.play.play_2.10-2.3.10.jar:2.3.10]
at
play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4.apply(Action.scala:129)
[com.typesafe.play.play_2.10-2.3.10.jar:2.3.10]
at
play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4.apply(Action.scala:128)
[com.typesafe.play.play_2.10-2.3.10.jar:2.3.10]
at scala.Option.map(Option.scala:145)
[org.scala-lang.scala-library-2.10.4.jar:na]
at play.api.mvc.Action$$anonfun$apply$1.apply(Action.scala:128)
[com.typesafe.play.play_2.10-2.3.10.jar:2.3.10]
at play.api.mvc.Action$$anonfun$apply$1.apply(Action.scala:121)
[com.typesafe.play.play_2.10-2.3.10.jar:2.3.10]
at
play.api.libs.iteratee.Iteratee$$anonfun$mapM$1.apply(Iteratee.scala:483)
[com.typesafe.play.play-iteratees_2.10-2.3.10.jar:2.3.10]
at
play.api.libs.iteratee.Iteratee$$anonfun$mapM$1.apply(Iteratee.scala:483)
[com.typesafe.play.play-iteratees_2.10-2.3.10.jar:2.3.10]
at
play.api.libs.iteratee.Iteratee$$anonfun$flatMapM$1.apply(Iteratee.scala:519)
[com.typesafe.play.play-iteratees_2.10-2.3.10.jar:2.3.10]
at
play.api.libs.iteratee.Iteratee$$anonfun$flatMapM$1.apply(Iteratee.scala:519)
[com.typesafe.play.play-iteratees_2.10-2.3.10.jar:2.3.10]
at
play.api.libs.iteratee.Iteratee$$anonfun$flatMap$1$$anonfun$apply$14.apply(Iteratee.scala:496)
[com.typesafe.play.play-iteratees_2.10-2.3.10.jar:2.3.10]
at
play.api.libs.iteratee.Iteratee$$anonfun$flatMap$1$$anonfun$apply$14.apply(Iteratee.scala:496)
[com.typesafe.play.play-iteratees_2.10-2.3.10.jar:2.3.10]
at
scala.concurrent.impl.Future$PromiseCompletingRunnable.liftedTree1$1(Future.scala:24)
[org.scala-lang.scala-library-2.10.4.jar:na]
at
scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:24)
[org.scala-lang.scala-library-2.10.4.jar:na]
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:41)
[com.typesafe.akka.akka-actor_2.10-2.3.5.jar:na]
at
akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:393)
[com.typesafe.akka.akka-actor_2.10-2.3.5.jar:na]
at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
[org.scala-lang.scala-library-2.10.4.jar:na]
at
scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
[org.scala-lang.scala-library-2.10.4.jar:na]
at
scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
[org.scala-lang.scala-library-2.10.4.jar:na]
at
scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
[org.scala-lang.scala-library-2.10.4.jar:na]
Is this because a user's session has timed out but the browser javascript
is still running and attempting to contact graylog2 server with an expired
session key now? How do I resolve this? it is writing to the log every few
seconds. Is the only solution to close the users browser/stop javascript on
client side?
Thanks,
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/4f705f25-e93b-449b-a0ae-2131559e9ffa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
