Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question. Don’t forget to select tags to help index your topic!
1. Describe your incident:
After working install of graylog, integration with Grafana is not possible collect data. It’s authenticated on Grafana using opensearch plugin but the message “Index OK. Note: No date field named @timestamp found”. And no matter parameters on metrics nothing works.
2. Describe your environment:
OS Information: CentOs 10 in a VM hyper-v
Package Version:
Service logs, configurations, and environment variables:
3. What steps have you already taken to try and solve the problem?
@timestamp Isn’t a mandatory field in Graylog indices, this is the default setting for the OpenSearch plugin in Grafana, try using timestamp instead as that is manadatory in Graylog.
Hy!
I’ve done that before. The data just is not coming. I don’t know more what to do. I’ve try to install de opensearch directly without datanode and the same result. Can get the right version from Grafana, having index confirmed but could not reach the logs from syslog udp input from a Debian VM on hyper-v.
Follow one appended because i’m new on chat .I’d change metrics and try to make a dashboard too. The thing is @timestamp or timestamp not works, and no more options appears to create a dashboard. I just need to create one which shows quantity of log per switch through the time for example.
I think the message is a bit of a red herring. Graylog does not have any indices that start with “metrics-”, so it’s always going to error out as no data or index exists.
You need to set your index prefixes in the index name setting in a comma separated list, for example here I have the Illumnate Cisco message indices and the default index selected and you must use timestamp as the time field to query the logs.
Note you only want the indices that you actually have set in the index name setting otherwise in your Grafana query you always have to query specific indices with a lucene query like: _index:graylog_1
Very good, I’d follow a post on opensearch page and use that index just to test thinking that was default. I needed to log HPE switchs, how do i discovery the rigth index to use? Is there a list to consult?
When you are searching in Graylog, if you expand any message, you will see the “Stored in index” If you didn’t create any custom index sets you should put graylog_*; otherwise, if you made your own index sets then you should put in whatever prefix you set for those indices.
For most Graylog created indices something like graylog_*,gl_* would work which would cover the default index set and any illuminate created indices.
