How to Post a Question in the Community that Gets Responses

This platform is made with love for community discussions on the open source tool Graylog, it components and usage.

Here’s a Graylog support-inspired template (thank you, @aaronsachs ) that’ll get responses:

Description of your problem

<!-- Use this section to describe the problem that you're encountering. Please include any screenshots or recordings of the problem you're running into.-->

Description of steps you’ve taken to attempt to solve the issue

<!-- Use this section to provide detailed steps of what you've done so far to attempt to solve your problem so that the community knows how to help-->

Environmental information

Operating system information

<!--Please select the operating system that you're using Graylog on-->

  • RHEL
  • CentOS
  • Ubuntu
  • Debian
  • Containers (e.g., Docker, Kubernetes, etc.)
  • FreeBSD
  • Windows
  • Other (e.g., using config management like Chef, Puppet, Ansible or Salt to deploy Graylog)

Package versions

<!--Please provide the package versions for all installed Graylog, MongoDB, and Elasticsearch packages-->

  • Graylog
  • MongoDB
  • Elasticsearch

Service logs, configuration, and environment variables

NOTE : When posting log output or code snippets (e.g., JSON, YAML, etc.), please surround your code with three backticks like so:

Your code goes here

For longer code or configuration bits, please enclose your snippet in a summary block like this:

Summary of your code snippet or config here
Your code goes inside the triple backticks

We have grown as an international community. Please respect the one and only forum rule: Use English as language.

Format topics with Markdown

New topics can be written using the editor in Markdown. There are many things you can and should do to improve readability with better formatting.

Code, Configuration, Logs, Shell Output should be formatted with surrounding three backticks in a new line like this:

is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = password_secret
root_username = admin

More tips on Markdown and general writing can be found here.

Improve the Conversation

Treat this place like you would walk into a public park. Treat everyone with respect, even if someone disagrees on your opinion. Listen what others suggest and learn from their experience.

Create a new thread for your question with your own details. Older threads might not necessarily fit, and also requires others to scroll and read history to fully understand if your issue is the same.

Keep it friendly and relaxed

Please hide frustration when asking a question here. A message which adds negative items feels different to a clear-cut problem description. Think about the other side and their feelings about your tone.


Please don’t stress it if answers take their time. We are human beings with our day job, and try to help you for free. Don’t be impolite and force one with a private message, keep it public and wait for an answer.

If you need faster professional support from an enterprise partner, please consult the project’s websites.

Things to keep in mind:

  • Be civil. Don’t post anything that one would consider offensive, abusive, or hate speech.
  • Respect each other. Don’t harass or grief anyone, impersonate people, or expose their private information.
  • Respect our forum. Don’t post spam or otherwise vandalize the forum.
  • Choose the right category. A question for #addons does not fit into #graylog.

This is a public forum, and search engines index these discussions. Keep the language, links, and images safe for family and friends.

Before you ask your question

  • Use Google and the search. Maybe a similar thread already solves your problem.
  • Does the documentation provide a troubleshooting guide already? Try that first and add your findings here.
  • If you think you’ve hit a bug, look into the upstream GitHub project if it already exists and link it in your post.

Please make sure to include every little detail in your question. This helps community members to analyse your problem. They do not need to ask again to find out more about your issue.

Sometimes a screenshot or a handcrafted overview picture help even more to understand what you mean.


Please also ensure that your posting is properly formatted and readable for others. More hints on Markdown can be found here.

Details you should always include

  • Which documentation source did you use (URL, short quote).
  • Distribution name and its version (/etc/os-release or /etc/*-release or /etc/*-version) of any involved host.
  • Software versions (<applicationname> --version or web application - About).
  • Additional dependencies (php -v, ruby -v, python -V, etc.).
  • Installation method and download source (packages, or source, and if Git, git show -1).


yum info graylog-server 
apt-cache showpkg graylog-server 
zypper info graylog-server 

Steps to reproduce or understand the question

  • Configuration files you’ve edited (their content formatted with code tags, their location on disk).
  • Cluster and HA related configuration details.
  • Order of things, e.g. notification was triggered, corresponding debug log entries, your analysis.
  • Which steps are needed to reproduce the problem standalone in a local environment, e.g. Docker or a (Vagrant) VM?


Keep your private details safe. Remove passwords, credentials, etc. and obfuscate host names from your company environment.

Add the things you’ve tried already

  • Configuration changes which did not work - they could explain your idea.
  • Docs and howtos you’ve found, but they do not match 100%.
  • If it could be a bug, did you try a snapshot package or attempted to fix it already?


Do your homework and describe your idea in detail. Don’t throw something and ask for a ready-to-use solution.

Learn from others

Community members will help you to learn about all the tools we use and love. Please understand that you won’t get copy-paste solutions all the time. The more you are willing to invest into your learning curve, the more you will benefit later on :heart_eyes:

Helping others and learning new things is a good feeling. If you think the same, come back here on a regular basis and add your help and opinion. This is what matters most in our community. Others will honour that, making you the Graylog expert.

Powered by You

This site is operated by your friendly local staff and you, the community. If you have any further questions about how things should work here, open a new topic in the site feedback category and let’s discuss! If there’s a critical or urgent issue that can’t be handled by a meta topic or flag, contact us via the staff page.

Terms of Service

Yes, legalese is boring, but we must protect ourselves – and by extension, you and your data – against unfriendly folks. We have a Terms of Service describing your (and our) behavior and rights related to content, privacy, and laws. To use this service, you must agree to abide by our TOS.

Log Integration (Imperva / Incapsula logs to Graylog)
Failed to parse field with format date_time
Unable to perform search query: failed to parse date field in Graylog 4.1 update
Big messages are not getting through
N/A in dashboard widgets
Versioncheck = false not working, how to disable versioncheck
Elasticsearch service down
How to do aggregation by API in 4.x
Service shown as source
Nxlog on windows 2012 not working
The Graylog-server service is not running
(Solved) Graylog Stream shows 12hours ago only
Fail to import Content Packs from ver Graylog 2.4.3 to Graylog 4.2.1
Recovering a corrupted mongodb database
Graylog Web GUI Issue
Rsyslog streaming doesn't work
How to set email alert to send the logs or specific logs to a email using my email?
Client log location
Question about Graylog nodes and processing logs
HTTPS does not work but it also spoils HTTP
Split huge message to multiple small
How to access the Graylog without the port number?
Collecting Bitdefender Gravityzone Logs
com.mongodb.BasicDBObject cannot be cast to [B
Graylog logs limit reach 5 GB limit
Add curl command in graylog start-up
Elasticsearch exception reason=all shards failed
Web gui graylog
Search by IP returns non-matching records
Finding if a users IP changes
How to make sure that the logs are sent in Graylog by TCP
New messages are not recorded
Cisco Anyconnect session logs convert session duration to value that can be summed up
Netapp extractor
Stix/taxii support
Domain name in source field
Post new message via RestAPI with Python
WARN o.g.g.n.t.TCPNIOTransport [grizzly-nio-kernel(1) SelectorRunner] GRIZZLY0004: Can not set TCP_NODELAY to true
Elasticsearch exception
How can i add cron expression to my graylog alert
Search Crash After upgrading to Graylog 4.2.1
How do I send Logdata of HP-UX OS
Can't install any content packs
New AD/LDAP users not synched with Graylog
Windows logs + SIdecar + Nxlog
Getting issue during running a api command
I can't start Graylog container after trying to update to 4.2.1
10% of logs split - netcat and JSON
Reports not saving selected widgets or not able to choose different widgets
Monitoring a docker container
Threat Intelligence Plugin Rules
Extract logs from a json array
Graylog 4.2, ES Cluster, with 3 Master only nodes
Email Alert has wrong timestamp in the "Timestamp" field
Traffic load balance
Logs of a source using api
Error connection for graylog to local ldap server
Loading Events information…
Graylog 4.2 with openID connect
Tips document on how to ask questions in the Community