Graylog / ElasticSearch Index Error - Graylog Dead

theSpawn · April 3, 2018, 5:41am

how can I identify the “problem messages” or find the messages?

the input which I have identified with some playing around (starting and stoping) should be the GELF input TCP, but I don’t can’t find the problem messages, if i check “show received messages”. there are also no empty messages dropped.

it also looks like as the problem messages can’t be many. the input receives about 200 to 12.000 messages per sec and only shows every few seconds a problem within parsin.

theSpawn · April 3, 2018, 8:09am

I’ve tried to idenitfy the problem messages via the Letter-ID (example: e1d09650-371311e8-a23f-f403433d1b68) and the graylog-api browser "Messages: Single Messages / /message/§index}/§messageid} but always got the error, that he couldn’t find it.

{
“type”: “ApiError”,
“message”: “Message 1193e9a6-3714-11e8-a23f-f403433d1b68 does not exist in index graylog_144”
}

Is there any way to do the following tasks:

verify the input, where the problem messages are received
identifiy the problem messages within graylog-GUI or REST-API
Show connected Clients on GELF Input (only X connections are active is shown, but not which exactly)

I still have also the problem with the “wrong graylog-pipeline-processor-plugin”. on the filesystem it is shown as version 2.4.3 (like graylog), but in the GUI, Database etc it is shown as 2.2.0 and I still face java parsing errors.

    at org.graylog2.syslog4j.server.impl.event.CiscoSyslogServerEvent.<init>(CiscoSyslogServerEvent.java:37) ~[graylog.jar:?]
    at org.graylog2.inputs.codecs.SyslogCodec.parse(SyslogCodec.java:128) ~[graylog.jar:?]
    at org.graylog2.inputs.codecs.SyslogCodec.decode(SyslogCodec.java:96) ~[graylog.jar:?]
    at org.graylog2.shared.buffers.processors.DecodingProcessor.processMessage(DecodingProcessor.java:150) ~[graylog.jar:?]
    at org.graylog2.shared.buffers.processors.DecodingProcessor.onEvent(DecodingProcessor.java:91) [graylog.jar:?]
    at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:74) [graylog.jar:?]
    at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:42) [graylog.jar:?]
    at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:143) [graylog.jar:?]
    at com.codahale.metrics.InstrumentedThreadFactory$InstrumentedRunnable.run(InstrumentedThreadFactory.java:66) [graylog.jar:?]
    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_151]

theSpawn · April 9, 2018, 8:48am

any idea with the graylog-processor-pipeline or java-errors?

how can I see the error messages?

theSpawn · April 18, 2018, 7:22am

can I please get an Info, how I can identify the Problem messages?

system · May 2, 2018, 7:22am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog not processing messages after crash (ran out of space) Graylog Central (peer support)	5	3577	April 20, 2020
Could not execute search(Index not found for query) Graylog Central (peer support)	5	8595	August 12, 2019
Problem with unprocessed messages in inputs and index Graylog Central (peer support)	5	663	March 19, 2020
View log error,help me please Graylog Central (peer support)	11	925	May 12, 2021
Graylog Updating Search Results Graylog Central (peer support)	10	1545	June 21, 2018

Graylog / ElasticSearch Index Error - Graylog Dead

Related topics