Collector sidecar monitoring and index error rotation

rfinney · 2018-03-18 22:07:40 UTC

I have a few separate questions I’ve been wondering about.

First, is it possible within Graylog to monitor collector sidecars and alert if they are disconnected or haven’t received a message from one in x amount of time?

Or is it possible to alert based on not receiveing a message from host x in x amount of time globally regardless of stream?

Second, occasionally one of my indexes that recieves logs from winlogbeat will rotate and assign the wrong things from the first message received. This causes a ton of index errors until the index is rotated again. Is it possible to auto rotate the index if x amount of errors are present?

jochen · 2018-03-19 07:40:31 UTC

No, but you should create a custom index mapping for these messages to avoid indexing errors when the dynamic mapping infers the incorrect type.

See http://docs.graylog.org/en/2.4/pages/configuration/elasticsearch.html#custom-index-mappings for details.

rfinney · 2018-03-19 12:39:27 UTC

Thanks Jochen. I’ll take a look.

mattmatics · 2018-03-19 17:55:53 UTC

If you want to see collector notifications as a feature add some comments / likes here:

https://github.com/Graylog2/graylog2-server/issues/4580

system · 2018-04-02 17:55:53 UTC

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.