Looks like I spoke too soon as the duplicates are back.
I did notice that the registry file gets recreated back on the root of the
C drive, so I guess the graylog-collector executable is doing that via
whatever command it uses to start Winlogbeat. That's still an issue as the
process doesn't
I carried out some additional testing by downloading the same version of
the Winlogbeat application (1.2.3) from the Elastic website and running it
via the CLI. I noticed that the duplicates were gone, so I tried again
running the Graylog version manually and again only saw single events.
I'd actually renamed it, but as a test I moved it to a different location
and the problem is still there.
At the moment I only have one Graylog server node (with three Elasticsearch
nodes).
On Wednesday, November 2, 2016 at 4:54:37 PM UTC, Jochen Schalanda wrote:
>
> Hi,
>
> On Wednesday, 2
Hi,
On Wednesday, 2 November 2016 17:11:22 UTC+1, Adam wrote:
>
> I updated from version 1.1.1 to 1.1.3 but the problem remains.
>
Did you remove the old plugin JAR from all Graylog nodes?
Cheers,
Jochen
--
You received this message because you are subscribed to the Google Groups
"Graylog
Hi Jochen,
I updated from version 1.1.1 to 1.1.3 but the problem remains.
Each message has a unique graylog message ID, but the winlogbeat record
number is the same. It's never more than two copies, but is always two
copies.
Are there any logs I can provide which may be of use?
Thanks,
Hi Adam,
this might be a bug in the Beats input plugin. Please update the plugin to
the latest stable release for your version of
Graylog: https://github.com/Graylog2/graylog-plugin-beats/releases
Cheers,
Jochen
On Tuesday, 1 November 2016 14:14:28 UTC+1, Adam wrote:
>
> Hi,
>
> I'm currently
