Gelf in DHCP not showing messages


#1

Hi,

I’ve installed nxlog on a Windows server hosting a DHCP service.
I’m interested in viewing logs of DHCP events on Graylog.

I have set up the following config in nxlog:

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
Loglevel debug

Module xm_gelf Module im_file File "C:\Windows\Sysnative\dhcp\DhcpSrvLog-*.log" PollInterval 1 SavePos True ReadFromLast True Recursive False RenameCheck True Exec $FileName = file_name(); # Send file name with each message Module om_udp Module om_udp Host 192.168.205.242 Port 12201 OutputType GELF Exec $short_message = $raw_event; # Avoids truncation of the short_message field. Exec $gl2_source_collector = '5b4c8c06636311037456fe97'; Exec $Hostname = hostname_fqdn(); Path DHCP_IN => DHCP_OUT

I have added a GELF UDP input. I can see the network counters go up but no messages show.
Can you please help me?
The only thing I managed to find is indexing errors of the following:

{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}=


(Jochen) #2

Please format your post properly, so that line breaks are visible:
https://community.graylog.org/faq#format-markdown

Also, please post the complete logs of your Graylog node. What you’ve posted is usually just a warning when using Elasticsearch 5.x.


#3

Thank you for your patience. Apologies for the clutter.

Here’s a more detailed post:

I am using Graylog 2.4.5.
I have a DHCP service installed on Windows Server 2012R2.
I’m interested in seeing DHCP events on Graylog.

What I’ve done:
Installed nxlog with the following configuration:

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules 
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
Loglevel debug

<Extension gelf> 
    Module xm_gelf
</Extension>

<Input 578f9dbc0ae2f10b1139b6a9>
    Module im_file
    File "C:\Windows\Sysnative\dhcp\DhcpSrvLog-*.log"
    PollInterval 1
    SavePos	True
    ReadFromLast True
    Recursive False
    RenameCheck True
    Exec $FileName = file_name(); # Send file name with each message
</Input>

<Output 578f97f40ae2f10b1139b093>
    Module om_udp
    Host 192.168.......
    Port ....
    OutputType  GELF
    Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
    Exec $gl2_source_collector = '5b4c8c06636311037456fe97';
    Exec $Hostname = hostname_fqdn();
</Output>

I’ve installed the DHCP content pack from the Market.

Can you please instruct me on how to get the logs? Sorry for asking a trivial question.


(Jochen) #4

Check http://docs.graylog.org/en/2.4/pages/configuration/file_location.html for the location of the log files in your particular installation of Graylog.


#5

This was in Your first post, a snippet from route section, I believe. Are You sure this is OK? Where are DHCP_IN and DHCP_OUT module names defined?


#6

Please disregard the first post, this was a template I have found.
My 2nd post shows current config.

I do need to spend more time on reading how this works exactly.


#7

2018-07-17_09:17:44.92143 WARN  [Messages] Failed to index message: index=<graylog_0> id=<438ecf21-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:17:44.92145 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:17:48.92137 WARN  [Messages] Failed to index message: index=<graylog_0> id=<45ec6e31-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:17:48.92138 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:17:50.92129 WARN  [Messages] Failed to index message: index=<graylog_0> id=<471d9b30-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:17:50.92131 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:18:03.92156 WARN  [Messages] Failed to index message: index=<graylog_0> id=<4edddbf0-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:03.92163 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:18:07.92266 WARN  [Messages] Failed to index message: index=<graylog_0> id=<514035f1-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:07.92269 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:18:09.92146 WARN  [Messages] Failed to index message: index=<graylog_0> id=<527162f0-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:09.92152 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:18:22.92261 WARN  [Messages] Failed to index message: index=<graylog_0> id=<5a37e540-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:22.92265 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:18:26.92270 WARN  [Messages] Failed to index message: index=<graylog_0> id=<5c958450-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:26.92271 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:18:28.92152 WARN  [Messages] Failed to index message: index=<graylog_0> id=<5dc6b150-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:28.92158 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:18:34.92327 WARN  [Messages] Failed to index message: index=<graylog_0> id=<615a3851-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:34.92333 WARN  [Messages] Failed to index message: index=<graylog_0> id=<615a8672-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:34.92336 WARN  [Messages] Failed to index message: index=<graylog_0> id=<615aad80-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:34.92339 ERROR [Messages] Failed to index [3] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:18:43.92134 WARN  [Messages] Failed to index message: index=<graylog_0> id=<66b7f801-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:43.92136 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:18:47.92252 WARN  [Messages] Failed to index message: index=<graylog_0> id=<691a7910-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:47.92258 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:18:49.92246 WARN  [Messages] Failed to index message: index=<graylog_0> id=<6a4b7f03-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:49.92248 WARN  [Messages] Failed to index message: index=<graylog_0> id=<6a4b7f02-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:49.92250 ERROR [Messages] Failed to index [2] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:18:58.92254 WARN  [Messages] Failed to index message: index=<graylog_0> id=<6faaec61-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:58.92256 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:19:02.92268 WARN  [Messages] Failed to index message: index=<graylog_0> id=<720afc70-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:19:02.92276 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:19:06.92125 WARN  [Messages] Failed to index message: index=<graylog_0> id=<746d5671-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:19:06.92126 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:19:08.92136 WARN  [Messages] Failed to index message: index=<graylog_0> id=<759e8370-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:19:08.92137 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:19:19.31467 INFO  [DashboardWidgetsResource] Updated widget <9655e13d-4c45-488e-9367-bd9f5497a0a6> on dashboard <5b4c8c06636311037456feac>. Reason: REST request.
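
Added example, not part of the original thread: a small triage script for a log like the one above. It groups the "Failed to index message" warnings by index, innermost Elasticsearch exception and field, and checks the total against the bulk failure counts, so you can see whether every dropped message shares one mapping cause. The sample lines are copied from the post above; the function names are this example's own.

```python
import json
import re
from collections import Counter

# One WARN line per rejected document, one ERROR line per failed bulk request.
WARN_RE = re.compile(
    r"^\S+\s+WARN\s+\[Messages\] Failed to index message: "
    r"index=<(?P<index>[^>]+)> id=<(?P<id>[^>]+)> error=<(?P<error>\{.*\})>\s*$"
)
BULK_RE = re.compile(
    r"^\S+\s+ERROR\s+\[Messages\] Failed to index \[(?P<count>\d+)\] messages\."
)
FIELD_RE = re.compile(r"for field \[(?P<field>[^\]]+)\]")

# Lines copied from the Graylog server log posted in this thread.
SAMPLE_LOG = r"""
2018-07-17_09:17:44.92143 WARN  [Messages] Failed to index message: index=<graylog_0> id=<438ecf21-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:17:44.92145 ERROR [Messages] Failed to index [1] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:18:34.92327 WARN  [Messages] Failed to index message: index=<graylog_0> id=<615a3851-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:34.92333 WARN  [Messages] Failed to index message: index=<graylog_0> id=<615a8672-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:34.92336 WARN  [Messages] Failed to index message: index=<graylog_0> id=<615aad80-89a2-11e8-b6ea-005056a91822> error=<{"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Can't parse [index] value [not_analyzed] for field [SourceModuleType], expected [true] or [false]"}}>
2018-07-17_09:18:34.92339 ERROR [Messages] Failed to index [3] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information.
2018-07-17_09:19:19.31467 INFO  [DashboardWidgetsResource] Updated widget <9655e13d-4c45-488e-9367-bd9f5497a0a6> on dashboard <5b4c8c06636311037456feac>. Reason: REST request.
"""


def root_cause(error):
    """Follow the caused_by chain to the innermost Elasticsearch exception."""
    while isinstance(error.get("caused_by"), dict):
        error = error["caused_by"]
    return error


def summarize(lines):
    """Group indexing failures by (index, exception type, field)."""
    causes, ids = Counter(), set()
    bulk_failed = unparsed = 0
    for line in lines:
        warn = WARN_RE.match(line)
        if warn:
            try:
                error = json.loads(warn["error"])
            except json.JSONDecodeError:
                error = None
            if not isinstance(error, dict):
                unparsed += 1  # truncated or non-JSON error payload
                continue
            cause = root_cause(error)
            field = FIELD_RE.search(str(cause.get("reason", "")))
            key = (warn["index"], cause.get("type"),
                   field["field"] if field else None)
            causes[key] += 1
            ids.add(warn["id"])
            continue
        bulk = BULK_RE.match(line)
        if bulk:
            bulk_failed += int(bulk["count"])
    return {
        "causes": dict(causes),
        "distinct_ids": len(ids),
        "warned": sum(causes.values()) + unparsed,
        "bulk_failed": bulk_failed,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for (index, exc, field), n in report["causes"].items():
        print(f"{n} dropped: index={index} field={field} cause={exc}")
    # Every per-message warning should be covered by a bulk failure count.
    print("counts consistent:", report["warned"] == report["bulk_failed"])
```

A single (index, exception, field) key covering every failure, as here, points at the mapping of that one index rather than at individual malformed messages.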

#9

OK.
There is an example of how to collect DHCP events using nxlog.


#10

Thanks. This is weird. I see the counters going up. Meaning messages are received but I can’t see any in Graylog.


(Jochen) #11

Try rotating the active write index (System / Indices / Index Set / Maintenance).

http://docs.graylog.org/en/2.4/pages/configuration/index_model.html


#12

Brilliant!!!
Works!

Now I have to learn how to better parse the messages but I will work on that.

You saved me. :]


#13

One quick question though - Once enabled, I get a warning:

Elasticsearch cluster is yellow. Shards: 8 active, 0 initializing, 0 relocating, 4 unassigned

Is there any way I can solve this quickly?


(Jochen) #14

How many Elasticsearch nodes are you running?
If you’re only running a single Elasticsearch node, you have to disable shard replicas.

http://docs.graylog.org/en/2.4/pages/configuration/index_model.html#index-set-configuration


#15

I only have one node. Can I disable by changing the following (from 4) in the graylog.conf file?
elasticsearch_shards = 0


(Jochen) #16

No. Read the documentation section I’ve linked to.


#17

Thank you. Now it’s all green.

