Graylog outputs

Srumith · 2018-02-07 11:03:26 UTC

Hi Team

How to restrict graylog to output the messages from only one stream using graylog outputs?

Thanks
Srumith.

jochen · 2018-02-07 11:58:34 UTC

You would create an output only for the desired stream.

Srumith · 2018-02-07 12:00:43 UTC

Did the same.
But still I find the messages related to other streams.
Is there any flag kind of thing which I need to enable/disable?

jochen · 2018-02-07 12:03:26 UTC

Please elaborate in greater detail what exactly you mean with that.

Srumith · 2018-02-07 12:10:20 UTC

Sure.
I have two streams Stream A and Stream B.
Configured an output called Output A with destination as Kibana for Stream A
In Kibana, I have configured elasticURL as http://<host>:9200/.
Now, when I check Kibana, I have messages related to Stream A and Stream B.
I am not expecting messages related to Stream B on Kibana.

jochen · 2018-02-07 12:10:40 UTC

What output have you configured exactly and what’s the configuration?

Srumith · 2018-02-07 12:14:24 UTC

Gelf Output I have configured. Following is the configuration -

connect_timeout: 1000
hostname: ##.##.##.##
max_inflight_sends: 512
port: 5601
protocol: TCP
queue_size: 512
reconnect_delay: 500
tcp_keep_alive: false
tcp_no_delay: false
tls_trust_cert_chain:
tls_verification_enabled: false

jochen · 2018-02-07 12:45:21 UTC

That looks like a GELF output. Where exactly are you sending the messages and what is the recipient doing with them?

Srumith · 2018-02-07 12:58:24 UTC

Sending messages to Kibana.
I actually have metrics and logs reported to graylog.
I want only metrics to get forwarded from Graylog to Kibana, so that I can visualize them.
5601 is the Kibana port I have configured for Gelf Output.
And I am connecting to Elastic directly from Kibana, giving elasticsearch url as 9200.

Or if you want us to rephrase the question - how to configure output in graylog for a particular stream and forward messages to Kibana?

jochen · 2018-02-07 13:04:35 UTC

Kibana is a frontend for Elasticsearch, it doesn’t receive or process messages itself.
So where exactly are you sending the messages with the GELF output?
Hint: It has to be something with a GELF input.

Srumith · 2018-02-08 05:49:52 UTC

Correct.
So can I forward specific stream data from Graylog to another elasticsearch instance using Graylog Outputs?

jochen · 2018-02-08 08:38:59 UTC

You could do that if you have a receiver reading GELF messages and writing them into Elasticsearch.

You could use Logstash (with GELF input and Elasticsearch output) for that.

system · 2018-02-22 08:39:19 UTC

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.