Hello everyone,
Is there a way to force graylog to process message in the journal?
I see messages in the stream and in /var/lib/graylog-server/journal/messagejournal-0/00000000000000000038.log but the last event/alert is not fired I guess because message is not processed.
Am I getting it right?
Config:
Graylog 3.3.6
Sidecar Version 1.0.2
Elasticsearch version number: 6.8.11
mongod --version db version v4.4.0
Also: Notification - received all but not the last one
This is what I see in the
/var/lib/graylog-server/journal/messagejournal-0/00000000000000000038.log 3690/3690 100%
…&…^…p.ݤ…p.!.).,u…*-
.beats.${“source”:{“no_beats_prefix”:false}}2B
830fdd78-934b-494a-a142-4766782e3ca8....5f29677b79f9c77657de0dfd:
.... ..WB..{"@timestamp":"2020-10-15T11:23:28.612Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.8.11"},"source":"/u01/app/oracle/diag/rdbms/dev1/DEV
1/trace/alert_DEV1.log","offset":4911831,"log":{"file":{"path":"/u01/app/oracle/diag/rdbms/dev1/DEV1/trace/alert_DEV1.log"}},"message":"ORA-222","gl2_source_coll
ector":"35559c42-6a5e-4ae5-9bbf-84dc470831e7","beat":{"name":"oraem2","hostname":"oraem2","version":"6.8.11"},"host":{"name":"oraem2"},"prospector":{"type":"log"
},"input":{"type":"log"},"collector_node_id":"oraem2.lan.ttr.ro"}.......'....6..............덼.ݤ..\................\....漍!..c,u...*-
.beats.{“source”:{“no_beats_prefix”:false}}2B
$830fdd78-934b-494a-a142-4766782e3ca8…5f29677b79f9c77657de0dfd:
… …B…{"@timestamp":“2020-10-15T13:12:23.297Z”,"@metadata":{“beat”:“filebeat”,“type”:“doc”,“version”:“6.8.11”},“gl2_source_collector”:“35559c42-6a5e-4ae5-9
bbf-84dc470831e7”,“beat”:{“name”:“oraem2”,“hostname”:“oraem2”,“version”:“6.8.11”},“host”:{“name”:“oraem2”},“offset”:4924676,“message”:“ORA-333”,“prospector”:{“ty
pe”:“log”},“collector_node_id”:“oraem2.lan.ttr.ro”,“source”:"/u01/app/oracle/diag/rdbms/dev1/DEV1/trace/alert_DEV1.log",“log”:{“file”:{“path”:"/u01/app/oracle/di
ag/rdbms/dev1/DEV1/trace/alert_DEV1.log"}},“input”:{“type”:“log”}}…(…C…덼.ݤ…Њ.C…漍!.+e,u…*-
.beats.${“source”:{“no_beats_prefix”:false}}2B
$830fdd78-934b-494a-a142-4766782e3ca8…5f29677b79f9c77657de0dfd:
… …B…{"@timestamp":“2020-10-15T13:13:48.303Z”,"@metadata":{“beat”:“filebeat”,“type”:“doc”,“version”:“6.8.11”},“source”:"/u01/app/oracle/diag/rdbms/dev1/DE
V1/trace/alert_DEV1.log",“log”:{“file”:{“path”:"/u01/app/oracle/diag/rdbms/dev1/DEV1/trace/alert_DEV1.log"}},“prospector”:{“type”:“log”},“gl2_source_collector”:"
35559c42-6a5e-4ae5-9bbf-84dc470831e7",“beat”:{“name”:“oraem2”,“hostname”:“oraem2”,“version”:“6.8.11”},“offset”:4924717,“message”:“ORA-3331”,“input”:{“type”:“log”
},“collector_node_id”:“oraem2.lan.ttr.ro”,“host”:{“name”:“oraem2”}}…)…V…
…덼.ݤ…漍!h`h,u…*-
.beats.${“source”:{“no_beats_prefix”:false}}2B
$830fdd78-934b-494a-a142-4766782e3ca8…5f29677b79f9c77657de0dfd:
… …B…{"@timestamp":“2020-10-15T13:17:18.330Z”,"@metadata":{“beat”:“filebeat”,“type”:“doc”,“version”:“6.8.11”},“offset”:4925341,“log”:{“file”:{“path”:"/u01
/app/oracle/diag/rdbms/dev1/DEV1/trace/alert_DEV1.log"}},“message”:“ORA-33311”,“collector_node_id”:“oraem2.lan.ttr.ro”,“source”:"/u01/app/oracle/diag/rdbms/dev1/
DEV1/trace/alert_DEV1.log",“input”:{“type”:“log”},“gl2_source_collector”:“35559c42-6a5e-4ae5-9bbf-84dc470831e7”,“beat”:{“name”:“oraem2”,“hostname”:“oraem2”,“vers
ion”:“6.8.11”},“host”:{“name”:“oraem2”},“prospector”:{“type”:“log”}}……O䁥…9....덼.ݤ..\............9…漍!.Hj,u…-
.beats.${“source”:{“no_beats_prefix”:false}}2B
$830fdd78-934b-494a-a142-4766782e3ca8…5f29677b79f9c77657de0dfd:
… …B…{"@timestamp":“2020-10-15T13:19:23.338Z”,"@metadata":{“beat”:“filebeat”,“type”:“doc”,“version”:“6.8.11”},“source”:"/u01/app/oracle/diag/rdbms/dev1/DE
V1/trace/alert_DEV1.log",“offset”:4925384,“log”:{“file”:{“path”:"/u01/app/oracle/diag/rdbms/dev1/DEV1/trace/alert_DEV1.log"}},“host”:{“name”:“oraem2”},“message”:
“ORA-1”,“input”:{“type”:“log”},“collector_node_id”:“oraem2.lan.ttr.ro”,“gl2_source_collector”:“35559c42-6a5e-4ae5-9bbf-84dc470831e7”,“prospector”:{“type”:“log”},
“beat”:{“name”:“oraem2”,“hostname”:“oraem2”,“version”:“6.8.11”}}
and the last message didn’t fired any alert.