Tips for Posting Questions that Get Answers

The following is a compendium of tips to help you organize your question and have better success getting a solution to the incident you are having. First, a short list, then some detail on how to pull and post information from your systems.

When you create a new Topic for the community to review with you:

  1. Search the Graylog documentation, the Graylog community forum, Google … the answer may be out there!
  2. Use a short, informative subject such as: “Post new message via RestAPI with Python”
  3. Describe your environment and incident in detail in the body of the message
  4. Use the forum tools when you are posting code or text so it is parsed and formatted correctly
  5. Don’t forget to ALWAYS use “optional tags” to help index your post’s topic!

Guidelines for describing the incident and environment:

  • What is the incident you are trying to work out? We can only see the parts you tell us, so post relevant information. When posting code or logs as text (preferred), use the forum tools like </> shown below so it is formatted nicely. Screenshots are helpful for non-text information.

  • Use the helpful commands shown below to retrieve settings and diagnostic data.

  • What have you done to try to solve your problem? Describe all steps you have already taken to resolve the incident.

  • Tell a little about your environment: is it a single instance? Docker? Show the versions of Graylog/MongoDB/Elasticsearch you are using, for example:

      * Graylog 4.2.0
      * MongoDB v4.0.27
      * Elasticsearch 7.10.2


Here are some shortcut commands that will give you information about your environment.
The results can be posted in your question to give more detail on the problem and its environment:

Find out what versions you have:

dpkg -l | grep -E ".*(elasticsearch|graylog|mongo).*"
yum list installed | grep -E ".*(elasticsearch|graylog|mongo).*"

Watch log files:

tail -f /var/log/graylog-server/server.log
tail -f /var/log/mongodb/mongod.log

List all lines in a conf/yml file (removing comments):

cat /etc/graylog/server/server.conf         | egrep -v "^\s*(#|$)"
cat /etc/elasticsearch/elasticsearch.yml    | egrep -v "^\s*(#|$)"
cat /etc/graylog/sidecar/sidecar.yml        | egrep -v "^\s*(#|$)"
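Before pasting server.conf into a public post, strip secrets as well as comments. The following is an added example (not part of the original post) that combines the comment filter above with sed rules that redact password-bearing keys and URL credentials; the key names it matches (password_secret, root_password_sha2, and any key containing password, secret or token) are assumed to be the ones in your server.conf, and the sample config is constructed.

```shell
#!/bin/sh
# Filter a Graylog-style .conf for posting: drop comments and blank lines,
# then redact values that should never leave the host. Each function reads
# the files given as arguments, or stdin when none are given.

# Same filter as the egrep above, using POSIX grep -E.
strip_comments() {
    grep -E -v '^[[:space:]]*(#|$)' "$@"
}

# Rule 1: blank out the value of any key whose name contains password,
# secret or token (e.g. password_secret, root_password_sha2).
# Rule 2: blank out the password in user:pass@host URLs, such as a
# credentialed elasticsearch_hosts entry.
redact_secrets() {
    strip_comments "$@" | sed -E \
        -e 's/^([[:space:]]*[a-z0-9_]*(password|secret|token)[a-z0-9_]*[[:space:]]*=).*/\1 <REDACTED>/' \
        -e 's#(https?://[^:/@,[:space:]]+:)[^@,[:space:]]+@#\1<REDACTED>@#g'
}

# Constructed sample standing in for /etc/graylog/server/server.conf.
sample_conf() {
    cat <<'EOF'
# Graylog server.conf (constructed sample, not from a real installation)
is_master = true
node_id_file = /etc/graylog/server/node-id

password_secret = abcdefghijklmnopqrstuvwxyz0123456789
    # indented comment
root_password_sha2 = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
root_username = admin
elasticsearch_hosts = http://elastic:s3cret@localhost:9200
http_bind_address = 127.0.0.1:9000
EOF
}

# On a real system: redact_secrets /etc/graylog/server/server.conf
sample_conf | redact_secrets
```

The output keeps every setting name so helpers can still see how the node is configured, while the secret values and the URL password are replaced with <REDACTED>.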

Check the health of your Elasticsearch instance:
curl -XGET http://localhost:9200/_cluster/health?pretty=true

This will help explain why, if there is a health issue:
curl -XGET http://localhost:9200/_cluster/allocation/explain?pretty

List Elasticsearch indices:
curl -XGET http://localhost:9200/_cat/indices?pretty

Throw a test message at your Graylog server:
curl -v http://<ServerName>:12201/gelf -p0 -d '{"short_message":"Hello there", "host":"example.org", "facility":"test", "foo":"bar","WorkstationName":"zippo","winlog_event_data_TargetUserName":"BorisKarloff ","this_field: ":"test text inside the this_field" }'
