#graylog

      • scheuri
        Hello all,...sorry for a likely stupid question, however, I cannot wrap my head around it: I have graylog (using it with syslog already), but I want to input older logfiles I have as files only. How can I do that?
      • joschi
        scheuri: you can use filebeat or logstash to read in those existing files and send them to Graylog via GELF or via the Beats protocol
      • scheuri
        joschi: thank you...I guess those two utilities are available for ubuntu?
      • joschi
        scheuri: yes
      • scheuri
        joschi: thank you...so I assume that I can configure those utilities to read in only the log files I have in a local dir (and then, as I understand, using a GELF or beats input on graylog)
      • joschi
        scheuri: yes
      • scheuri
        joschi: one last question - do you have yourself a preference....logstash or filebeat?
      • joschi
        scheuri: I like filebeat better for this kind of task
      • scheuri
        joschi: thank you very much for your time and your help...much appreciated
      • I will check out filebeat first then :)
      • joschi
        scheuri: just one more note: you can also send these files using netcat and using a Raw/Plaintext input in Graylog. This would work without using any additional programs, but is also very basic
      • scheuri
        joschi: well, that is another idea of course...it is very basic, but at the end of the day I just need the content of the files in graylog :).....have you tried this as well? Can you recommend a type of graylog input (it's not syslog I'd guess)?
      • joschi
        scheuri: Raw/Plaintext, as I said before ;-)
      • scheuri
        oh, sorry...my bad...see it in systems/inputs just now...thanks
      • and yes, you absolutely wrote it
      • :)
      • joschi
        scheuri: but be aware that you'll have to create extractors to parse the log timestamps from those plaintext lines. Otherwise the ingest time will be used
      • scheuri: that also applies if you're using filebeat or logstash
      • scheuri
        joschi: thank you for pointing it out...I will read about graylog extractors then
      • joschi: sorry for asking one more and certainly last question - I can "reset" graylog, right? Meaning to get rid of all data, so I can "start over" so to speak - I thought I saw such a feature, but I am not sure anymore
      • joschi
        scheuri: sure, you can delete indices via the web interface
      • scheuri
        joschi: marvellous...thank you very much again for your time, much appreciated