I’m new to Graylog. Our CTO is insisting on using Graylog for our log centralization, so I have to learn it. I have been tasked with documenting the processes for getting each type of system, so I’ve been going through your documentation, but it has been extremely hard to follow. I was able to build a Graylog server as a VM on my workstation and then build an Ubuntu VM for a client to send it logs, but I’m not able to follow all the processes to get that set up, because everything is spread all over the place and it doesn’t seem to be in any particular order. I see all the sections on streams and extractors and rules and dashboards, but they give a basic rundown without any mention of where their interdependencies are. I’m not able to really follow any of it because I don’t see any frame of reference for each piece.
It would be nice to have some sort of documentation on what ALL needs to be done, and in what order, to be able to get logs to the Graylog server and be able to parse and follow them and search them.
Then there’s the little matter that just installing Ubuntu Server 16.04.2 and then installing the Sidecar client doesn’t seem to work right. I get a “[filebeat] Backend finished unexpectedly, trying to restart” error upon starting. It’s a fully clean VM, so there shouldn’t be anything interfering. I’ll probably start a different thread on that, though.
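Editor's note on the ordering question above. The dependency chain in Graylog is: an input receives raw messages; extractors are attached to that input and turn parts of the raw message into fields; stream rules are evaluated against those fields, so a stream can only route on a field an extractor (or pipeline rule) has already produced; dashboard widgets are searches or aggregations over a stream, so they are built last. The following is an added example, not code from the original post or from the Graylog project: it models that order in plain Python over a few constructed syslog lines (the lines, the regexes, the stream names and the function names are all made up for illustration) so the reader can see which step depends on which.

```python
import re
from collections import Counter

# Constructed sample syslog lines, standing in for what a client VM would ship.
# These are made-up lines, not output from any real system.
SAMPLE_LINES = [
    "Jun 12 10:15:01 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 5522 ssh2",
    "Jun 12 10:15:03 web01 sshd[1234]: Accepted publickey for deploy from 198.51.100.7 port 41022 ssh2",
    "Jun 12 10:15:10 web01 CRON[2201]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jun 12 10:15:12 web01 sshd[1240]: Failed password for root from 203.0.113.5 port 5530 ssh2",
]

# Step 1: the input. A message arrives carrying only its raw text; here it is a dict
# with a single "message" field, which is all a stream rule could see at this point.
def ingest(line):
    return {"message": line}

# Step 2: extractors. They hang off the input and derive fields from "message".
# Both regexes are hypothetical extractors written for the sample lines above.
SYSLOG_RE = re.compile(
    r"^(?P<timestamp>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<source>\S+) "
    r"(?P<application>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<text>.*)$"
)
SSH_FAIL_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<client_ip>\S+)"
)

def extract(msg):
    m = SYSLOG_RE.match(msg["message"])
    if m:
        msg.update({k: v for k, v in m.groupdict().items() if v is not None})
    f = SSH_FAIL_RE.search(msg["message"])
    if f:
        msg.update(f.groupdict())
        msg["event"] = "ssh_auth_failure"
    return msg

# Step 3: streams. A stream is a set of rules tested against the extracted fields;
# a message that matches no rule falls through to the default stream. Note that the
# rules below reference fields ("event", "application") that only exist after extract().
STREAMS = {
    "ssh_failures": lambda m: m.get("event") == "ssh_auth_failure",
    "cron": lambda m: m.get("application") == "CRON",
}

def route(msg):
    return [name for name, rule in STREAMS.items() if rule(msg)] or ["default"]

# Step 4: dashboards. A widget is a search or aggregation over the messages in a
# stream, so it can only be built once the stream exists and is receiving messages.
def process(lines):
    by_stream = {}
    for line in lines:
        msg = extract(ingest(line))
        for stream in route(msg):
            by_stream.setdefault(stream, []).append(msg)
    return by_stream

def failed_logins_per_ip(by_stream):
    # The kind of aggregation a dashboard widget on the "ssh_failures" stream would show.
    return Counter(m["client_ip"] for m in by_stream.get("ssh_failures", []))

if __name__ == "__main__":
    streams = process(SAMPLE_LINES)
    for name, msgs in streams.items():
        print(f"{name}: {len(msgs)} message(s)")
    print(dict(failed_logins_per_ip(streams)))
```

Read top to bottom, the functions are also the order in which the corresponding objects have to be created in the Graylog UI: the input first, then the extractor on that input (test it against a real received message), then the stream with rules on the extracted field names, then the dashboard widget from a search scoped to that stream. Building them in any other order leaves a stream rule or widget referencing a field that does not yet exist.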