1 response

Data loss UDP - no errors found - NXLOG data delayed more than 5 minutes

Hello,

 

I have 2 infrastructures installed, one on Amazon and another on premises. On Amazon everything is OK, but when I send logs on premises I have a 5 to 7 minute delay and I lose almost 30% of the data.

I activated the buffer option and I pass through it before sending logs to my on premise server, but it doesn't work.

Does somebody know how to correct that?

Thank you for your help and answer

 

Ana

Asked November 18, 2016 - 5:31pm

2 responses

How to add a field for the file offset?

We are pushing logs from file with the im_file module to logstash and then to elasticsearch. However, some of these logs only have second accuracy, and are therefore not returned in order by elasticsearch when sorted by just the time. To get around this problem, we would like to add the position of the log event to a field that we store (for example beginning line number or byte offset within the source file).

Asked November 18, 2016 - 1:11am

2 responses

Regular expression issue within pm_pattern

I have the following regexp:

^\s*(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\[\S+\])\s+([\s\S]*)$

and a line from the log that I am trying to parse (there are some spaces at the beginning of the line):

 13:33:00.1205 [-] Persisting VDOM path /

Trying to process a file using the pm_pattern module with LogLevel DEBUG, this is what I get:

Asked November 16, 2016 - 11:17am

1 response

Getting the correct select path setup

I am wanting to see if this is possible to put in a line for Input event log.

<Input eventlog>
    Module im_msvistalog
    SavePos FALSE
    ReadFromLast TRUE
    Query <QueryList>\
        <Query Id="0">\
            <Select Path="System">*[System[(EventID=22 or EventID=1076 or EventID=6005 or EventID=6006)]] and *[System/Level=2]</Select>\
        </Query>\

Asked November 15, 2016 - 10:05pm

1 response

Creating Stream with API

Hello. 

The case is:

I am creating Stream with rules using API.

Question is:

Is there a way to set the input for a stream using GrayLog API?

 

Thanks.

Asked November 11, 2016 - 2:44pm
