New lookup table not showing up for selection

h12nkhb4 · February 18, 2019, 8:45pm

Hey guys.

One of my inputs is for syslog and currently only a single fpsense box sends its firewall logs to it. I can easily pass this into its own stream. However, Graylog is not recording a hostname. I tried the rDNS setting on the input stream but no success. I have more syslog sources that need to send their logs so I am looking for a way to set the hostname on those messages.

I figured I’d make a reverse lookup table, data adapter and cache. They work fine, I can query and get results. The cache shows hits too.

I’ve made a stream based on the internal field, gl2_remote_ip. If I want to make a decorator, choose lookup table, I don’t get to choose the lookup table I created earlier.

I found one other problem but it has no solution:

Has anyone an idea what might be going on?

Thanks!

Ps. Logs show all is good too:

2019-02-18 20:32:26,027 INFO : org.graylog2.lookup.LookupTableService - Data Adapter ip2hostname/5c6b134e2ab79c000bffe238 [@37afe6b5] STARTING
2019-02-18 20:32:26,033 INFO : org.graylog2.lookup.LookupTableService - Data Adapter da_geoip/5c6ad16587d6c6000bcb947f [@c5b50c5] STARTING
2019-02-18 20:32:26,047 INFO : org.graylog.plugins.map.geoip.processor.GeoIpProcessor - Updating GeoIP resolver engine - GeoIpResolverConfig{enabled=true, dbType=MAXMIND_CITY, dbPath=/var/opt/graylog/data/GeoLite2-City.mmdb}
2019-02-18 20:32:26,238 INFO : org.graylog2.lookup.LookupTableService - Cache cache_geoip/5c6ad1cc87d6c6000bcb94f1 [@6dc1f408] STARTING
2019-02-18 20:32:26,258 INFO : org.graylog2.lookup.LookupTableService - Cache hostnames/5c6b13812ab79c000bffe271 [@4a159fc8] STARTING
2019-02-18 20:32:26,261 INFO : org.graylog2.lookup.LookupTableService - Data Adapter da_geoip/5c6ad16587d6c6000bcb947f [@c5b50c5] RUNNING
2019-02-18 20:32:26,264 INFO : org.graylog2.lookup.LookupDataAdapterRefreshService - Adding job for <da_geoip/5c6ad16587d6c6000bcb947f/@c5b50c5> [interval=86400000ms]
2019-02-18 20:32:26,285 INFO : org.graylog2.lookup.LookupTableService - Cache cache_geoip/5c6ad1cc87d6c6000bcb94f1 [@6dc1f408] RUNNING
2019-02-18 20:32:26,292 INFO : org.graylog2.lookup.LookupTableService - Cache hostnames/5c6b13812ab79c000bffe271 [@4a159fc8] RUNNING
2019-02-18 20:32:27,263 INFO : org.graylog2.lookup.LookupTableService - Data Adapter ip2hostname/5c6b134e2ab79c000bffe238 [@37afe6b5] RUNNING
2019-02-18 20:32:27,303 INFO : org.graylog2.lookup.LookupTableService - Starting lookup table lt_geoip/5c6ad20787d6c6000bcb9533 [@7523334e] using cache cache_geoip/5c6ad1cc87d6c6000bcb94f1 [@6dc1f408], data adapter da_geoip/5c6ad16587d6c6000bcb947f [@c5b50c5]
2019-02-18 20:32:27,305 INFO : org.graylog2.lookup.LookupTableService - Starting lookup table lt_hostnames/5c6b139d2ab79c000bffe292 [@6e0e6802] using cache hostnames/5c6b13812ab79c000bffe271 [@4a159fc8], data adapter ip2hostname/5c6b134e2ab79c000bffe238 [@37afe6b5]

h12nkhb4 · February 19, 2019, 8:29pm

Really no one has an idea?

blason · February 22, 2019, 4:46am

HI there,

AFAIK the field does not get added when you do decorator, so you can create those dashboards with decorators. Instead you need to use pipeline and that’s what solved my issue.

system · March 8, 2019, 4:54am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Lookup Table not selectable in Decorators Graylog Central (peer support)	3	702	April 3, 2019
Host no Longer Visible on Source Section Graylog Central (peer support)	4	2154	February 8, 2018
Geolocation / GeoIP confusion on 3.x Graylog Central (peer support)	2	1015	July 1, 2019
Syslog messages from EMC Unity not visible in Graylog Graylog Central (peer support)	4	1099	August 13, 2020
Graylog not found any syslog Graylog Central (peer support) basic-configuration , elastic	7	571	May 12, 2022

New lookup table not showing up for selection

Related Topics