Search - No Messages not pulling through


(Charles ) #1

i can see messages indexed , but i am not seeing messages on the search console



(Jan Doberstein) #2
  • What exactly did you want to get done?
  • What exactly did you configured?
  • How did you come to the conclusion?
  • What would you expect?

Other might need some of the following to help you:

  • configuration files
  • logfiles

(Charles ) #3

What exactly did you want to get done?

  • i am expecting to see the complete logs on the search
    What exactly did you configured?
  • i configured rsyslog on one server and collector-sidecar on another server
    How did you come to the conclusion?
  • i did a global search and only see basic results, i want to see the complete log entries
    What would you expect?
  • what is showing on the logs to show on the search results
    Other might need some of the following to help you:

configuration files

#
# l:
#
# 

#rsyslog v4 config file

# provides support for local system logging (e.g. via logger command)
$ModLoad imuxsock

# provides kernel logging support (previously done by rklogd)
$ModLoad imklog

# provides --MARK-- message capability
$ModLoad immark.so

$MarkMessagePeriod 300 # mark messages appear every 5 minutes

#
# Set the default permissions for all log files.
#
$umask 0022
$DirCreateMode 0755
$FileCreateMode 0644
$FileOwner root
$FileGroup root
$DirOwner root
$DirGroup root

$IncludeConfig /etc/rsyslog.d/*.conf



# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*             /dev/console

# The authpriv file has restricted access.
authpriv.*            /var/log/secure

# Log all the mail messages in one place.
mail.*              -/var/log/maillog

# Log cron stuff
cron.*              /var/log/cron

# Save news errors of level crit and higher in a special file.
uucp,news.crit            /var/log/spooler


# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;local6.none;mail.none;authpriv.none;cron.none	/var/log/messages;RSYSLOG_TraditionalFileFormat
*.emerg							*
# Save boot messages also to boot.log
local7.*						/var/log/boot.log

# GIS Relaying
auth,authpriv.*						@logsec-udp.int.com:51528

*.* @@Graylog;RSYSLOG_SyslogProtocol23Format

logfiles


(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.