New lookup table not showing up for selection

h12nkhb4 · February 18, 2019, 8:45pm

Hey guys.

One of my inputs is for syslog and currently only a single fpsense box sends its firewall logs to it. I can easily pass this into its own stream. However, Graylog is not recording a hostname. I tried the rDNS setting on the input stream but no success. I have more syslog sources that need to send their logs so I am looking for a way to set the hostname on those messages.

I figured I’d make a reverse lookup table, data adapter and cache. They work fine, I can query and get results. The cache shows hits too.

I’ve made a stream based on the internal field, gl2_remote_ip. If I want to make a decorator, choose lookup table, I don’t get to choose the lookup table I created earlier.

I found one other problem but it has no solution:

Has anyone an idea what might be going on?

Thanks!

Ps. Logs show all is good too:

2019-02-18 20:32:26,027 INFO : org.graylog2.lookup.LookupTableService - Data Adapter ip2hostname/5c6b134e2ab79c000bffe238 [@37afe6b5] STARTING
2019-02-18 20:32:26,033 INFO : org.graylog2.lookup.LookupTableService - Data Adapter da_geoip/5c6ad16587d6c6000bcb947f [@c5b50c5] STARTING
2019-02-18 20:32:26,047 INFO : org.graylog.plugins.map.geoip.processor.GeoIpProcessor - Updating GeoIP resolver engine - GeoIpResolverConfig{enabled=true, dbType=MAXMIND_CITY, dbPath=/var/opt/graylog/data/GeoLite2-City.mmdb}
2019-02-18 20:32:26,238 INFO : org.graylog2.lookup.LookupTableService - Cache cache_geoip/5c6ad1cc87d6c6000bcb94f1 [@6dc1f408] STARTING
2019-02-18 20:32:26,258 INFO : org.graylog2.lookup.LookupTableService - Cache hostnames/5c6b13812ab79c000bffe271 [@4a159fc8] STARTING
2019-02-18 20:32:26,261 INFO : org.graylog2.lookup.LookupTableService - Data Adapter da_geoip/5c6ad16587d6c6000bcb947f [@c5b50c5] RUNNING
2019-02-18 20:32:26,264 INFO : org.graylog2.lookup.LookupDataAdapterRefreshService - Adding job for <da_geoip/5c6ad16587d6c6000bcb947f/@c5b50c5> [interval=86400000ms]
2019-02-18 20:32:26,285 INFO : org.graylog2.lookup.LookupTableService - Cache cache_geoip/5c6ad1cc87d6c6000bcb94f1 [@6dc1f408] RUNNING
2019-02-18 20:32:26,292 INFO : org.graylog2.lookup.LookupTableService - Cache hostnames/5c6b13812ab79c000bffe271 [@4a159fc8] RUNNING
2019-02-18 20:32:27,263 INFO : org.graylog2.lookup.LookupTableService - Data Adapter ip2hostname/5c6b134e2ab79c000bffe238 [@37afe6b5] RUNNING
2019-02-18 20:32:27,303 INFO : org.graylog2.lookup.LookupTableService - Starting lookup table lt_geoip/5c6ad20787d6c6000bcb9533 [@7523334e] using cache cache_geoip/5c6ad1cc87d6c6000bcb94f1 [@6dc1f408], data adapter da_geoip/5c6ad16587d6c6000bcb947f [@c5b50c5]
2019-02-18 20:32:27,305 INFO : org.graylog2.lookup.LookupTableService - Starting lookup table lt_hostnames/5c6b139d2ab79c000bffe292 [@6e0e6802] using cache hostnames/5c6b13812ab79c000bffe271 [@4a159fc8], data adapter ip2hostname/5c6b134e2ab79c000bffe238 [@37afe6b5]

h12nkhb4 · February 19, 2019, 8:29pm

Really no one has an idea?

blason · February 22, 2019, 4:46am

HI there,

AFAIK the field does not get added when you do decorator, so you can create those dashboards with decorators. Instead you need to use pipeline and that’s what solved my issue.

system · March 8, 2019, 4:54am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Lookup Table not selectable in Decorators Graylog Central (peer support)	3	742	April 3, 2019
LUT not in a Decorators d/d Graylog Central (peer support)	2	497	May 13, 2019
Decorators are not working - Graylog 3.2.4 Graylog Central (peer support)	6	1722	April 17, 2020
Why my Looup Table is not appearing in Decorator Dropdown Graylog Central (peer support)	10	658	November 20, 2018
Help with lookup table decorator Graylog Central (peer support)	1	343	September 4, 2020

New lookup table not showing up for selection

Related topics