All Messages Stream not showing up

Hello All,

We are trying to integrate our Graylog 2.0 server with Splunk. For this purpose we have installed the Graylog Splunk plugin and also created the respective output.

In my system I am not able to see the "All messages" stream. How can I enable/see the "All messages" stream in the system?

Thanks in Advance.


Hi @Amitdhatwalia,
Graylog 2.0 is very old - to be honest. Do you use it in production?
Outputs are configured per stream - which streams do you have listed under /streams in your instance?


Hello,

Yes, it’s quite old but unfortunately in production. There are multiple streams configured but I don't see any messages routed to these streams. Can you suggest how to create a stream which captures all logs/events being received at the Graylog server, as I need all raw data to be forwarded to my SIEM solution?

All messages stored somewhere are in at least one stream. Usually I do remove them from all messages, as soon as I make sense out of those logs and put them into their according stream by topic. This might be the same in your instance.
The way to go here from my point of view would be to configure an output for each stream containing data.

At the risk of stating the obvious–2.0 isn’t even maintained any more. That to me is more of a threat in production than taking it down to upgrade. If it’s critical business infrastructure, then I’m guessing y’all’s security team wants to make sure that it’s patched and supported, which a 6-year-old version of Graylog isn’t. Even getting up to 3.0 would put you at a 3-year-old version of Graylog :grimacing::grimacing::grimacing::grimacing:. Being on something this old makes supporting your deployment pretty difficult tbh.
