Not able to start the stream log via API

som · April 17, 2017, 9:48am

Hello,
I am using Graylog docker and trying to create the stream and starting it via service file.
I am creating the streams entry in the mongoDB as follows in ExecStartPost: (Following snippet is part of my service file)

ExecStartPost = /bin/bash -c "sleep 40;docker exec -i d_mongo mongo graylog --eval 
ID=ObjectId();db.streams.insert({\"_id\":ID,\"creator_user_id\" : \"admin\", \"matching_type\" : \"OR\", \"description\" : \"\",\"disabled\" : false, \"title\" : \"All Logs\",\"content_pack\" : null,\"created_at\":new ISODate()});db.streamrules.insert({\"field\" : \"container_name\",\"stream_id\" : ID,\"description\" : \"\", \"type\" : 2,\"inverted\" : false, \"value\" : \"*.*\"});"

And starting the streams via API as follows in ExecStartPost

ExecStartPost=/bin/bash -c   "sleep 70; docker exec -i d_graylog  curl  -u XX:XXXX -g -X POST http://127.0.0.1/api/streams/`curl  -u XX:XXXX -X GET  http://127.0.0.1/api/streams  | sed 's/{.*stream_id\":\"*\([0-9a-zA-Z]*\)\"*,*.*}/\1/'`/resume"

Since commands in ExecStartPost starts simultaneously, so I have given proper sleep command so that one start after the other.

When the docker starts, I see the following exception in the GrayLog’s log.

 ERROR: org.graylog2.streams.StreamRouter - Stream router engine update failed!
 java.lang.ClassCastException: java.lang.Double cannot be cast to java.lang.Integer
at org.graylog2.streams.StreamRuleImpl.getType(StreamRuleImpl.java:61) ~[graylog.jar:?]
 at org.graylog2.streams.StreamRouterEngine$Rule.<init>(StreamRouterEngine.java:240) ~[graylog.jar:?]
 at org.graylog2.streams.StreamRouterEngine.<init>(StreamRouterEngine.java:91) ~[graylog.jar:?]
 at org.graylog2.streams.StreamRouterEngine$$FastClassByGuice$$c6190f39.newInstance(<generated>) ~[graylog.jar:?]
 at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:89) ~[graylog.jar:?]
at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:111) ~[graylog.jar:?]
 at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:90) ~[graylog.jar:?]
 at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:268) ~[graylog.jar:?]
at com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1019) ~[graylog.jar:?]
at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1085) ~[graylog.jar:?]
at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1015) ~[graylog.jar:?]
at com.google.inject.assistedinject.FactoryProvider2.invoke(FactoryProvider2.java:776) ~[graylog.jar:?]
at com.sun.proxy.$Proxy73.create(Unknown Source) ~[?:?]
at org.graylog2.streams.StreamRouter$StreamRouterEngineUpdater.getNewEngine(StreamRouter.java:124) ~[graylog.jar:?]
 at org.graylog2.streams.StreamRouter$StreamRouterEngineUpdater.run(StreamRouter.java:109) [graylog.jar:?]
 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_102]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_102]
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_102]
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_102]
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_102]
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_102]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_102]

Now if i visit the Graylog UI, I see that stream which i have created is in resume state but i don’t see any logs coming. Then I open the stream rules and just save it without doing any modification and the stream starts getting the data.
Not sure where I am going wrong.

jochen · April 18, 2017, 7:20am

Please use content packs and the content pack autoloader for automatically creating streams (and other entities) in Graylog on startup.

github.com

Graylog2/graylog2-server/blob/2.2.3/misc/graylog.conf#L540-L549


# Automatically load content packs in "content_packs_dir" on the first start of Graylog.
#content_packs_loader_enabled = true


# The directory which contains content packs which should be loaded on the first start of Graylog.
#content_packs_dir = data/contentpacks


# A comma-separated list of content packs (files in "content_packs_dir") which should be applied on
# the first start of Graylog.
# Default: empty
content_packs_auto_load = grok-patterns.json

Manually editing the MongoDB database is explicitly discouraged.

Topic		Replies	Views
Graylog not starting in Docker Graylog Central (peer support)	8	2358	February 3, 2020
Graylog not startet Graylog Central (peer support)	6	939	March 21, 2019
Docker Graylog 2.3 Issues Graylog Central (peer support)	3	1972	August 22, 2017
Can't get docker graylog up and running Graylog Central (peer support)	3	6528	January 2, 2019
Cp: cannot create regular file/ Permission Denied in Docker Compose file Graylog Central (peer support)	3	5012	April 18, 2021

Not able to start the stream log via API

Related Topics