Tips for Posting Questions that Get Answers

TIPS for Posting Questions that Get Answers:

*The following is a compendium of tips to help you organize your question and have better success for getting a solution to the incident you are having. First, a short list, then some detail on how to pull and post information from your systems. *
When you create a new Topic for the community to review with you:

  1.  Search Graylog Documentation, the Graylog community forum, Google, 
    

… the answer may be out there!
2) Have a short informative subject such as:
“Post new message via RestAPI with Python”
3) Describe your environment and incident in detail in the body of the message
4) Use the forum tools when you are posting code or text to help with parsing
5) Don’t forget to ALWAYS use “optional tags” to help index your post’s topic!

Guidelines for Describing the incident and environment:

  •      What is the incident you are trying to work out?  We can only see the parts you tell us so post relevant information.  When posting code or logs as text (preferred) use the forum tools like </> shown below so it is formatted nicely.  Screen shots are helpful for non-text information.
    
  •      Helpful commands shown below to easily retrieve settings and diagnostic data.
    
  •      What have you done to try to solve your problem? Describe all steps you have already taken to resolve the incident.
    
  •      Tell a little about your environment, is it a single instance? Docker?  Show the versions of Graylog/Mongo/ElasticSearch  you are using. 
                 * Graylog 4.2.0
                 * MongoDB v4.0.27
                 * Elasticsearch 7.10.2
    

Here are some cool shortcut commands that will give you information about your environment.
The results can be posted in your question to give more detail on your question and it’s environment:

Find out what versions you have:
dpkg -l | grep -E “.(elasticsearch|graylog|mongo).
yum list installed | grep -E “.(elasticsearch|graylog|mongo).

Watch Log files:
tail -f /var/log/graylog-server/server.log
tail –f /var/log/mongodb/mongod.log

List all lines in a conf/yml file (removing comments):
cat /etc/graylog/server/server.conf | egrep -v “^\s*(#|$)”
cat /etc/elasticsearch/elasticsearch.yml | egrep -v “^\s*(#|$)”
cat /etc/graylog/sidecar/sidecar.yml | egrep -v “^\s*(#|$)”

Check health of your ElasticSearch instance:
curl -XGET http://localhost:9200/_cluster/health?pretty=true

This will help explain why if there is a health issue:
curl -XGET http://localhost:9200/_cluster/allocation/explain?pretty

List ElasticSearch indicies:
curl -XGET http://localhost:9200/_cat/indices?pretty

Throw a test message at your Graylog server:
curl -v http://:12201/gelf -p0 -d ‘{“short_message”:“Hello there”, “host”:“example.org”, “facility”:“test”, “foo”:“bar”,“WorkstationName”:“zippo”,“winlog_event_data_TargetUserName”:"BorisKarloff ","this_field: ":“test text inside the this_field” }’

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.