Loading field information failed with status: cannot GET http://x.x.x.x:9000/api/system/fields (500)

Graylog Central (peer support)
, ,
21

Whit point one and three I will manage myself. The problem will be for me point two. I understand that I need to refer to the documentation of these programs, but is it enough?

22

No, I meant that you may need to adjust the elastic and mongo URI in the Graylog server.conf.

23

No, I meant that you may need to adjust the elastic and mongo URI in the Graylog server.conf.

Only if you change the settings apart from the default - when running all on one box.

MongoDB by default listen on localhost only. Elasticsearch by default listen on localhost only. That is the reason Graylog default for both settings is - try localhost.

Only if your MongoDB or Elasticsearch is NOT running on localhost you need to change that.

If you just follow the step-by-step guide and have all running on one box you will have a working solution.

1 Like
24

BAM! The hero we need, but not deserve :slight_smile:

25

One again I used Ubuntu 18.04 and do step by step from this tutorial: http://docs.graylog.org/en/2.4/pages/installation/os/ubuntu.html
And… it’s alive. I see logs from another place using nxlog but have another problem…
The logs look like that …

2018-11-26_09h18_40
2018-11-26_09h18_40.png1412×202 14.2 KB

26

Whelp that looks like a mismatch in encoding (Unicode, UTF, whatever).

27

+1
I have seen something simmilar when the client use utf16 instead of utf8
With tcpdump you can check the content of the package before the graylog process it. If you see something simmilar, your client have a problem, not the graylog.

1 Like
28

What program to gather logs from host on windows are you used?

29

I personal would use winlogbeat for the windows event logs and filebeat for any other additional logfile I would like to slurp.

1 Like
30

That has been my approach as well. And because the Graylog Sidecar collector neatly packages up those things for Windows, that’s what I’ve grabbed. the added benefit is that the Collector config can be handled mostly from the Graylog GUI. I say “mostly” because to my knowledge I haven’t found a way to adjust the subscribed tags in the sidecar_collector.yml through the Graylog GUI.

31

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.