Hello After adding beat input in web issue has been solved
*REGARDS:KUNAL VIKAS PATIL9860265594* On Thu, Sep 22, 2016 at 12:25 PM, Kunal Patil <[email protected]> wrote: > Hello > do we need logstash in service in graylog server for reciving the logs > send by beats > as genarated configuration shows below details > > filebeat: > prospectors: > - document_type: log > fields: > gl2_source_collector: 29a42246-401d-4097-8c52-22fff9b6869c > ignore_older: 10s > input_type: log > paths: > - /var/log/httpd/scalphanv2.justbuylive.in-access_log > scan_frequency: 0 > tail_files: false > - document_type: log > fields: > gl2_source_collector: 29a42246-401d-4097-8c52-22fff9b6869c > ignore_older: 0 > input_type: log > paths: > - /var/log/httpd/adminalphanv1.justbuylive.in-access_log > scan_frequency: 10s > tail_files: true > output: > logstash: > hosts: > - graylogip:5044 > > > > > > > > *REGARDS:KUNAL VIKAS PATIL9860265594* > > On Thu, Sep 22, 2016 at 6:11 AM, Werner van der Merwe < > [email protected]> wrote: > >> Hi Kunal, >> >> Kindly paste your configs, from what I can make out in the screenshot, >> your newline identifier is not set correctly. The %{host} is more than >> likely from incorrectly parsing the logs. >> >> If you're willing to try NXLog, they have snipets for the config in their >> doco: >> https://nxlog.org/documentation/nxlog-community-edition- >> reference-manual-v20928#processing_parsers_combined_log_format_example >> >> What might help, NXLog (or beats) is the application that ships logs to >> Graylog. Sidecar is an extension of Graylog allowing you to centralise, >> manage and distribute profiles to enable easier collection of logs. >> Thus, if you use sidecar, you don't have to worry about the config of >> NXLog (or beats), as that will be supplied by Sidecar. >> >> Sidecar on the client side, you select snippets as elements in the 'tags' >> array. But adding a tag in that array assumes you've created a >> configuration in Graylog and assigned a tag with similar name to the config >> element. >> >> On your client, you are calling the apache tag, which is correct. Just >> ensure you have a configuration matching that tag. >> In Graylog, browse System -> Collectors, then click the "Manage >> Collectors" button. >> This will present you with your different configurations, ensure one of >> them at least has the apache tag allocated to it. >> >> If it does, you only need to worry about the configuration within that >> entry. From what I see I am expecting the parser is not correctly >> configured. >> >> >> On Thursday, September 22, 2016 at 8:27:34 AM UTC+12, Kunal Patil wrote: >>> >>> Hello >>> >>> I have read the document previous issue has been resolved >>> i m getting data but some data come under %{host} source filed >>> I have configured apache logs as shown in documentation >>> >>> please refer attached screenshot >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> *REGARDS:KUNAL VIKAS PATIL9860265594* >>> >>> On Thu, Sep 22, 2016 at 1:20 AM, Marius Sturm <[email protected]> >>> wrote: >>> >>>> Kunal, >>>> please read the Sidecar documentation first. You have to create a >>>> configuration in the Graylog web interface and tag it with the same tag >>>> like you started the Sidecar instance. There is a step-by-step guide even >>>> with screenshots here: http://docs.graylog.org/en/2.1 >>>> /pages/collector_sidecar.html#step-by-step-guide >>>> >>>> Cheers, >>>> Marius >>>> >>>> >>>> On 21 September 2016 at 20:52, Kunal Patil <[email protected]> >>>> wrote: >>>> >>>>> hello >>>>> Thanks for the quick reply and solution as you guys suggested i m >>>>> trying to implement filebeat with help of documentation but i m getting >>>>> below error on web gui please check ad revert >>>>> >>>>> Sidecar >>>>> Tags:apacheIP: >>>>> CPU Idle:99.47%Load:0.06Volumes > 75%: >>>>> ------------------------------ >>>>> *Status*: No configuration found for configured tags! >>>>> Backends >>>>> *Filebeat*: Collector exits immediately, this should not happen! >>>>> Please check your collector configuration! >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> *REGARDS:KUNAL VIKAS PATIL9860265594* >>>>> >>>>> On Wed, Sep 21, 2016 at 9:22 PM, Jochen Schalanda <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi Kunal, >>>>>> >>>>>> nxlog and Filebeat are two different log shippers, each with its own >>>>>> advantages and disadvantages, which are supported by the Graylog >>>>>> Collector >>>>>> Sidecar. >>>>>> >>>>>> Both, nxlog and Filebeat, do support multiline messages: >>>>>> >>>>>> - https://www.elastic.co/guide/en/beats/filebeat/1.3/multiline >>>>>> -examples.html >>>>>> - https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#x >>>>>> m_multiline >>>>>> >>>>>> It's up to you which log shipper you want to use in the end and how >>>>>> you configure it. >>>>>> >>>>>> Cheers, >>>>>> Jochen >>>>>> >>>>>> On Wednesday, 21 September 2016 17:43:44 UTC+2, Kunal Patil wrote: >>>>>>> >>>>>>> I m little confused here >>>>>>> After reading document >>>>>>> In document u guys have given steps for beat and nx log >>>>>>> configuration >>>>>>> Can u brief more about that >>>>>>> My doubt is >>>>>>> If i have beat to send data to graylog why i want nxlog >>>>>>> And if nxlog is required then what is role of beat >>>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to a topic in >>>>>> the Google Groups "Graylog Users" group. >>>>>> To unsubscribe from this topic, visit https://groups.google.com/d/to >>>>>> pic/graylog2/QVxdxyLWmww/unsubscribe. >>>>>> To unsubscribe from this group and all its topics, send an email to >>>>>> [email protected]. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/graylog2/42f77a7e-b46f-4df >>>>>> 6-9d2b-3366af1415da%40googlegroups.com >>>>>> <https://groups.google.com/d/msgid/graylog2/42f77a7e-b46f-4df6-9d2b-3366af1415da%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Graylog Users" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/graylog2/CAJa2o%3D85b_XKO2 >>>>> sgzBvDJ5YjoBX-o3RFJjZ%3D%3DJORjw%3D2%3DktESA%40mail.gmail.com >>>>> <https://groups.google.com/d/msgid/graylog2/CAJa2o%3D85b_XKO2sgzBvDJ5YjoBX-o3RFJjZ%3D%3DJORjw%3D2%3DktESA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> >>>> >>>> -- >>>> Developer >>>> >>>> Tel.: +49 (0)40 609 452 077 >>>> Fax.: +49 (0)40 609 452 078 >>>> >>>> TORCH GmbH - A Graylog Company >>>> Poolstraße 21 >>>> 20335 Hamburg >>>> Germany >>>> >>>> https://www.graylog.com <https://www.torch.sh/> >>>> >>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 >>>> Geschäftsführer: Lennart Koopmann (CEO) >>>> >>>> -- >>>> You received this message because you are subscribed to a topic in the >>>> Google Groups "Graylog Users" group. >>>> To unsubscribe from this topic, visit https://groups.google.com/d/to >>>> pic/graylog2/QVxdxyLWmww/unsubscribe. >>>> To unsubscribe from this group and all its topics, send an email to >>>> [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ms >>>> gid/graylog2/CAMqbBbJfWA08j_rVraiJpHOA9cpHM4Gwvk0tyZ9Eu3e0kr >>>> RLiQ%40mail.gmail.com >>>> <https://groups.google.com/d/msgid/graylog2/CAMqbBbJfWA08j_rVraiJpHOA9cpHM4Gwvk0tyZ9Eu3e0krRLiQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Graylog Users" group. >> To unsubscribe from this topic, visit https://groups.google.com/d/to >> pic/graylog2/QVxdxyLWmww/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To view this discussion on the web visit https://groups.google.com/d/ms >> gid/graylog2/3f2fa765-99fc-479f-aea8-ce8222706151%40googlegroups.com >> <https://groups.google.com/d/msgid/graylog2/3f2fa765-99fc-479f-aea8-ce8222706151%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAJa2o%3D8ByogLXr2PZRX9V1fwOCA8NKisdzzo%3DFwVvbGC8m%2BwJg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
