I’m using Graylog v3.2.4 with a nginx proxy using ubuntu 18.04 on google cloud. I’m fairly new to this and have made progress but cannot compete the setup.
I’ve got the instance up and running on the web and am following the step-by-step guide found here:
I get to the part that reads:
Next we need to assign our newly created configuration (and therefore the Filebeat collector) to our sidecar. Go to the
Collector Administration page.
However, when I go to the Collector Administration page as the instructions say, I get an empty screen with nothing to select from.
I’ve searched for help on this but everything I find is for older versions. I’m using the sidecar 1.0.x and filebeat 7.6.2.
Check these great resources:
Graylog is a leading centralized log management solution built to open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data. We deliver a better user experience by making analysis ridiculously fast,...
Until you have something set up with beats/nxlog reporting in to your properly set up INPUT, you won’t see it listed in Administration. Check your sidecar client side configuration - there are log file in there that will tell you what it’s doing… or trying to do. Details on all that in the links shoothub gave you.
OK, got it!
Unfortunately it looks like my filebeat configuration is incorrect as I now get:
logstash/async.go:256 Failed to publish events caused by: write tcp 10.100.2.137:51752->184.108.40.206:5044: write: broken pipe
There are some posts around for working filebeat configurations - I think I posted one a while back… something to compare to that might help find where the error is (Mine are for windows).
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.