Typical investigation to be done if Graylog logs are not being received

We are not seeing logs in our Graylog console and I was wondering what the typical steps are to check why we are not receiving them. Can someone please help us out?

Troubleshooting Graylog is no different than any other system. Start from the known good and work towards the problem.

Simplified version:

  • Is the source sending data? If yes, move on. If no, troubleshoot source
  • Is the destination receiving data? If yes, move on. If no, troubleshoot path to destination then destination itself

Granted, the Graylog-specific steps are what you probably asked about, but we don’t like to assume anything since we know nothing about your setup.

So for Graylog, if you aren’t receiving the data, you can check a couple of things.

  • Are there any errors in Graylog or Elasticsearch?
  • Are the inputs started?
  • Are messages coming in?
  • Is the journal filling up?
  • Is the input processor full or filling up?
  • Is the output processor full or filling up?

There are different things you can check at each stage to try and narrow down where the problem is. So if you can tell us what you’ve checked and the results, we can try to help you narrow down your problem.

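The checklist in the answer above, walked in message-flow order, as an added example that is not part of the original thread. The snapshot layout, the thresholds and the sample values are constructed assumptions; an operator would fill the fields in by hand from the Graylog System pages and the server logs.

```python
# Added example: snapshot keys are hypothetical, all values are constructed.
FULL = 90  # percent utilisation treated as "full" (assumed threshold)

def triage(s):
    """Return (stage, finding) pairs for one health snapshot."""
    findings = []
    stopped = [i["title"] for i in s["inputs"] if i["state"] != "RUNNING"]
    if stopped:
        findings.append(("input", "not started: " + ", ".join(stopped)))
    elif s["incoming_per_sec"] == 0:
        # Inputs are up but idle: look at the source and the path first.
        findings.append(("source/path", "inputs up but nothing arriving"))
    if s["errors"]:
        findings.append(("errors", f"{len(s['errors'])} error line(s) to read"))
    # Back-pressure: a full downstream stage backs up everything before it,
    # so report the furthest-downstream stage that is full.
    j, b = s["journal"], s["buffers"]
    filling = j["uncommitted"] > 0 and j["size_bytes"] >= 0.5 * j["limit_bytes"]
    if b["output"] >= FULL:
        findings.append(("output", "Elasticsearch is not keeping up"))
    elif b["input"] >= FULL:
        findings.append(("processing", "message processing is not keeping up"))
    elif filling:
        findings.append(("journal", "journal filling while buffers have room"))
    return findings

def snapshot(state="RUNNING", incoming=0, errors=(), uncommitted=0,
             size=0, in_pct=0, out_pct=0):
    """Build a constructed snapshot; the journal limit is an assumed 5 GiB."""
    return {
        "inputs": [{"title": "syslog-udp", "state": state}],
        "incoming_per_sec": incoming,
        "errors": list(errors),
        "journal": {"uncommitted": uncommitted, "size_bytes": size,
                    "limit_bytes": 5 * 2**30},
        "buffers": {"input": in_pct, "output": out_pct},
    }

STOPPED_INPUT = snapshot(state="STOPPED")
SILENT_SOURCE = snapshot()
ES_BACKLOG = snapshot(incoming=800, errors=["constructed error line"],
                      uncommitted=2_000_000, size=4 * 2**30,
                      in_pct=100, out_pct=100)

if __name__ == "__main__":
    for name in ("STOPPED_INPUT", "SILENT_SOURCE", "ES_BACKLOG"):
        print(name, triage(globals()[name]))
```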