search

cvtienhoven / graylog-plugin-aggregates

Aggregates plugin for Graylog
https://marketplace.graylog.org
GNU General Public License v3.0
53 stars 12 forks source link

Fail aggregates with Graylog 2.3.0-alpha.3+c795033 #15

Closed berekese closed 7 years ago

berekese commented 7 years ago

My server Graylog can't start if I use .jar file inside directory Graylog. Here log:

2017-06-09T07:35:20.429+02:00 INFO [CmdLineTool] Loaded plugin: Aggregates 1.0.1 [org.graylog.plugins.aggregates.AggregatesPlugin] 2017-06-09T07:35:20.432+02:00 INFO [CmdLineTool] Loaded plugin: Elastic Beats Input 2.3.0-alpha.3 [org.graylog.plugins.beats.BeatsInputPlugin] 2017-06-09T07:35:20.433+02:00 INFO [CmdLineTool] Loaded plugin: Collector 2.3.0-alpha.3 [org.graylog.plugins.collector.CollectorPlugin] 2017-06-09T07:35:20.436+02:00 INFO [CmdLineTool] Loaded plugin: Enterprise Integration Plugin 2.3.0-alpha.3 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin] 2017-06-09T07:35:20.439+02:00 INFO [CmdLineTool] Loaded plugin: MapWidgetPlugin 2.3.0-alpha.3 [org.graylog.plugins.map.MapWidgetPlugin] 2017-06-09T07:35:20.439+02:00 INFO [CmdLineTool] Loaded plugin: NetFlowPlugin 0.1.0 [org.graylog.plugins.netflow.NetFlowPlugin] 2017-06-09T07:35:20.447+02:00 INFO [CmdLineTool] Loaded plugin: Pipeline Processor Plugin 2.3.0-alpha.3 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin] 2017-06-09T07:35:20.448+02:00 INFO [CmdLineTool] Loaded plugin: Anonymous Usage Statistics 2.3.0-alpha.3 [org.graylog.plugins.usagestatistics.UsageStatsPlugin] 2017-06-09T07:35:20.448+02:00 INFO [CmdLineTool] Loaded plugin: SnmpPlugin 0.3.0 [org.graylog.snmp.SnmpPlugin] 2017-06-09T07:35:20.661+02:00 INFO [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackT raceInFastThrow -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=deb 2017-06-09T07:35:20.880+02:00 INFO [Version] HV000001: Hibernate Validator null

Thanks.

cvtienhoven commented 7 years ago

@berekese hmm, this doesn't really give me any information :) Your log says the plugin was loaded, nothing more and nothing less. I assume you're filing this issue because Graylog starts without the plugin?

berekese commented 7 years ago

Hi, when I add jar file inside plugin directory , graylog doesn't start (port 9000 isn't running) and I can't get more logs because that output that I pasted is repeting all time. Any idea? Thanks.

FCaljon commented 7 years ago

Hi

I faced the same problem today when trying this plugin. I'm usig the latest aplha version for the ES 5.x support. so I assume this is the problem.

To reproduce it, you just need to add the jar to the plugin folder and restart graylog.

in a very short time you will see:

2017-06-28 10:07:38,926 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Aggregates 1.0.1 [org.graylog.plugins.aggregates.AggregatesPlugin] 2017-06-28 10:07:38,928 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Elastic Beats Input 2.3.0-alpha.2 [org.graylog.plugins.beats.BeatsInputPlugin] 2017-06-28 10:07:38,929 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Collector 2.3.0-alpha.2 [org.graylog.plugins.collector.CollectorPlugin] 2017-06-28 10:07:38,930 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Enterprise Integration Plugin 2.3.0-alpha.2 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin] 2017-06-28 10:07:38,931 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: MapWidgetPlugin 2.3.0-alpha.2 [org.graylog.plugins.map.MapWidgetPlugin] 2017-06-28 10:07:38,944 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Pipeline Processor Plugin 2.3.0-alpha.2 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin] 2017-06-28 10:07:38,945 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Anonymous Usage Statistics 2.3.0-alpha.2 [org.graylog.plugins.usagestatistics.UsageStatsPlugin] 2017-06-28 10:07:39,622 INFO : org.graylog2.bootstrap.CmdLineTool - Running with JVM arguments: -Djava.library.path=./bin/../lib/sigar -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow 2017-06-28 10:07:40,052 INFO : org.hibernate.validator.internal.util.Version - HV000001: Hibernate Validator null Exception in thread "main" java.lang.NoClassDefFoundError: org/graylog2/initializers/IndexerSetupService at java.lang.Class.getDeclaredConstructors0(Native Method) at java.lang.Class.privateGetDeclaredConstructors(Class.java:2671) at java.lang.Class.getDeclaredConstructors(Class.java:2020) at com.google.inject.spi.InjectionPoint.forConstructorOf(InjectionPoint.java:245) at com.google.inject.internal.ConstructorBindingImpl.create(ConstructorBindingImpl.java:100) at com.google.inject.internal.InjectorImpl.createUninitializedBinding(InjectorImpl.java:661) at com.google.inject.internal.InjectorImpl.createJustInTimeBinding(InjectorImpl.java:885) at com.google.inject.internal.InjectorImpl.createJustInTimeBindingRecursive(InjectorImpl.java:808) at com.google.inject.internal.InjectorImpl.getJustInTimeBinding(InjectorImpl.java:285) at com.google.inject.internal.InjectorImpl.getBindingOrThrow(InjectorImpl.java:217) at com.google.inject.internal.InjectorImpl.getInternalFactory(InjectorImpl.java:893) at com.google.inject.internal.FactoryProxy.notify(FactoryProxy.java:46) at com.google.inject.internal.ProcessedBindingData.runCreationListeners(ProcessedBindingData.java:50) at com.google.inject.internal.InternalInjectorCreator.initializeStatically(InternalInjectorCreator.java:134) at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:107) at com.google.inject.Guice.createInjector(Guice.java:99) at org.graylog2.shared.bindings.GuiceInjectorHolder.createInjector(GuiceInjectorHolder.java:34) at org.graylog2.bootstrap.CmdLineTool.setupInjector(CmdLineTool.java:379) at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:193) at org.graylog2.bootstrap.Main.main(Main.java:44) Caused by: java.lang.ClassNotFoundException: org.graylog2.initializers.IndexerSetupService at java.net.URLClassLoader.findClass(URLClassLoader.java:381) at java.lang.ClassLoader.loadClass(ClassLoader.java:424) at java.net.FactoryURLClassLoader.loadClass(URLClassLoader.java:814) at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ... 20 more

cvtienhoven commented 7 years ago

@berekese @FCaljon ah yes, thanks for the logging. I see that the IndexerSetupService has been removed due to the switch to ES 5. I used this to check if ES was available at all (otherwhise no searches have to be attempted). This affects the behavior of the plugin, I'll have to make some changes to make it compatible with Graylog version 2.3.0 (and somehow check the cluster status in an other way I guess).

berekese commented 7 years ago

Its great @cvtienhoven. Could you let me know when its done to check it please? Thanks!

cvtienhoven commented 7 years ago

@berekese @FCaljon I just released version 1.1.0 of the plugin. As I'm not running 2.3.0 myself it's a bit of a shot in the dark, but it would be awesome if you guys could test if it works. If it's not working I'll setup a test environment with 2.3.0, but then it takes a bit longer :)

FCaljon commented 7 years ago

@cvtienhoven I tested the new version. it is no longer crashing the graylog server. But I'm not sure if it is working properly. I do not see the aggregates tab in the gui. The current gui has a sources tab there. Is there anything else that needs to be activated?

(I moved up to the latest beta version today.)

I do see this in the log:

2017-06-29 15:58:08,313 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Aggregates 1.1.0 [org.graylog.plugins.aggregates.AggregatesPlugin] 2017-06-29 15:58:25,150 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog.plugins.aggregates.Aggregates] periodical in [0s], polling every [60s]. 2017-06-29 15:58:25,161 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog.plugins.aggregates.report.AggregatesReport] periodical in [0s], polling every [60s]. 2017-06-29 15:58:25,172 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog.plugins.aggregates.maintenance.AggregatesMaintenance] periodical in [0s], polling every [60s]. 2017-06-29 15:58:25,487 INFO : org.graylog.plugins.aggregates.maintenance.AggregatesMaintenance - removed 0 history items

so that looks ok, the last line is repeating every minute as expected.

cvtienhoven commented 7 years ago

If you have administrator permissions, you should be able to see the tab. But I guess I'll have to refactor some stuff in the frontend as well for the new version. To be continued :)

FCaljon commented 7 years ago

This install is DEV/POC level. I have only one user and it is full admin.

berekese commented 7 years ago

I'm sorry @cvtienhoven I was a bit busy. I will test soon and I will let you know the results with log.

Thanks!

berekese commented 7 years ago

Hi @cvtienhoven I added plugin, and graylog starts without errors but I can't see on dashboard new plugin installed (in your picture I see "Aggregate" between Dashboard and System but I can't see it. I paste you log and a picture, maybe its a miss configuration for my side.

2017-07-03T07:21:00.844+02:00 INFO [JerseyService] Shutting down HTTP listener at <http://192.168.1.XXX:9000/api/> 2017-07-03T07:21:08.273+02:00 INFO [CmdLineTool] Loaded plugin: Aggregates 1.1.0 [org.graylog.plugins.aggregates.AggregatesPlugin] 2017-07-03T07:21:08.275+02:00 INFO [CmdLineTool] Loaded plugin: Elastic Beats Input 2.3.0-alpha.3 [org.graylog.plugins.beats.BeatsInputPlugin] 2017-07-03T07:21:08.276+02:00 INFO [CmdLineTool] Loaded plugin: Collector 2.3.0-alpha.3 [org.graylog.plugins.collector.CollectorPlugin] 2017-07-03T07:21:08.277+02:00 INFO [CmdLineTool] Loaded plugin: Enterprise Integration Plugin 2.3.0-alpha.3 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin] 2017-07-03T07:21:08.277+02:00 INFO [CmdLineTool] Loaded plugin: MapWidgetPlugin 2.3.0-alpha.3 [org.graylog.plugins.map.MapWidgetPlugin] 2017-07-03T07:21:08.278+02:00 INFO [CmdLineTool] Loaded plugin: NetFlowPlugin 0.1.0 [org.graylog.plugins.netflow.NetFlowPlugin] 2017-07-03T07:21:08.285+02:00 INFO [CmdLineTool] Loaded plugin: Pipeline Processor Plugin 2.3.0-alpha.3 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin] 2017-07-03T07:21:08.286+02:00 INFO [CmdLineTool] Loaded plugin: Anonymous Usage Statistics 2.3.0-alpha.3 [org.graylog.plugins.usagestatistics.UsageStatsPlugin] 2017-07-03T07:21:08.815+02:00 INFO [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=deb 2017-07-03T07:21:09.045+02:00 INFO [Version] HV000001: Hibernate Validator null 2017-07-03T07:21:11.418+02:00 INFO [InputBufferImpl] Message journal is enabled. 2017-07-03T07:21:11.462+02:00 INFO [NodeId] Node ID: 76899de3-904c-460d-9daf-113bc4c038dc 2017-07-03T07:21:11.674+02:00 INFO [LogManager] Loading logs. 2017-07-03T07:21:11.704+02:00 WARN [Log] Found a corrupted index file, /var/lib/graylog-server/journal/messagejournal-0/00000000000005829684.index, deleting and rebuilding index... 2017-07-03T07:21:11.838+02:00 INFO [LogManager] Logs loading complete. 2017-07-03T07:21:11.838+02:00 INFO [KafkaJournal] Initialized Kafka based journal at /var/lib/graylog-server/journal 2017-07-03T07:21:11.869+02:00 INFO [InputBufferImpl] Initialized InputBufferImpl with ring size <65536> and wait strategy <BlockingWaitStrategy>, running 2 parallel message handlers. 2017-07-03T07:21:11.891+02:00 INFO [cluster] Cluster created with settings {hosts=[localhost:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=5000} 2017-07-03T07:21:11.944+02:00 INFO [cluster] No server chosen by ReadPreferenceServerSelector{readPreference=primary} from cluster description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE, serverDescriptions=[ServerDescription{address=localhost:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out 2017-07-03T07:21:12.037+02:00 INFO [connection] Opened connection [connectionId{localValue:1, serverValue:13}] to localhost:27017 2017-07-03T07:21:12.038+02:00 INFO [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 0, 15]}, minWireVersion=0, maxWireVersion=3, maxDocumentSize=16777216, roundTripTimeNanos=359633} 2017-07-03T07:21:12.045+02:00 INFO [connection] Opened connection [connectionId{localValue:2, serverValue:14}] to localhost:27017 2017-07-03T07:21:12.425+02:00 INFO [AbstractJestClient] Setting server pool to a list of 1 servers: [http://127.0.0.1:9200] 2017-07-03T07:21:12.426+02:00 INFO [JestClientFactory] Using multi thread/connection supporting pooling connection manager 2017-07-03T07:21:12.505+02:00 INFO [JestClientFactory] Using custom GSON instance 2017-07-03T07:21:12.505+02:00 INFO [JestClientFactory] Node Discovery disabled... 2017-07-03T07:21:12.505+02:00 INFO [JestClientFactory] Idle connection reaping disabled... 2017-07-03T07:21:12.766+02:00 INFO [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>. 2017-07-03T07:21:14.522+02:00 INFO [RulesEngineProvider] No static rules file loaded. 2017-07-03T07:21:14.688+02:00 INFO [connection] Opened connection [connectionId{localValue:3, serverValue:15}] to localhost:27017 2017-07-03T07:21:14.950+02:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb 2017-07-03T07:21:14.959+02:00 INFO [OutputBuffer] Initialized OutputBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>. 2017-07-03T07:21:14.998+02:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb 2017-07-03T07:21:15.026+02:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb 2017-07-03T07:21:15.046+02:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb 2017-07-03T07:21:15.067+02:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb 2017-07-03T07:21:15.491+02:00 INFO [ServerBootstrap] Graylog server 2.3.0-alpha.3+c795033 starting up 2017-07-03T07:21:15.491+02:00 INFO [ServerBootstrap] JRE: Oracle Corporation 1.8.0_131 on Linux 2.6.32-openvz-042stab120.18-amd64 2017-07-03T07:21:15.491+02:00 INFO [ServerBootstrap] Deployment: deb 2017-07-03T07:21:15.491+02:00 INFO [ServerBootstrap] OS: Ubuntu 14.04.5 LTS (trusty) 2017-07-03T07:21:15.491+02:00 INFO [ServerBootstrap] Arch: amd64 2017-07-03T07:21:15.494+02:00 WARN [DeadEventLoggingListener] Received unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus <AsyncEventBus{graylog-eventbus}> 2017-07-03T07:21:15.509+02:00 INFO [PeriodicalsService] Starting 29 periodicals ... 2017-07-03T07:21:15.511+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling every [1s]. 2017-07-03T07:21:15.512+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.AlertScannerThread] periodical in [10s], polling every [60s]. 2017-07-03T07:21:15.513+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] periodical in [0s], polling every [1s]. 2017-07-03T07:21:15.514+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s], polling every [20s]. 2017-07-03T07:21:15.514+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical, running forever. 2017-07-03T07:21:15.518+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.GarbageCollectionWarningThread] periodical, running forever. 2017-07-03T07:21:15.518+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.GarbageCollectionWarningThread] periodical, running forever. 2017-07-03T07:21:15.519+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s], polling every [30s]. 2017-07-03T07:21:15.530+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling every [300s]. 2017-07-03T07:21:15.537+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling every [10s]. 2017-07-03T07:21:15.539+02:00 INFO [connection] Opened connection [connectionId{localValue:4, serverValue:16}] to localhost:27017 2017-07-03T07:21:15.550+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.NodePingThread] periodical in [0s], polling every [1s]. 2017-07-03T07:21:15.551+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling every [1800s]. 2017-07-03T07:21:15.551+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s], polling every [1s]. 2017-07-03T07:21:15.553+02:00 INFO [Periodicals] Starting [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling every [1s]. 2017-07-03T07:21:15.559+02:00 INFO [Periodicals] Starting [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s], polling every [86400s]. 2017-07-03T07:21:15.559+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical, running forever. 2017-07-03T07:21:15.559+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical, running forever. 2017-07-03T07:21:15.567+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s], polling every [3600s]. 2017-07-03T07:21:15.580+02:00 INFO [connection] Opened connection [connectionId{localValue:7, serverValue:18}] to localhost:27017 2017-07-03T07:21:15.580+02:00 INFO [connection] Opened connection [connectionId{localValue:6, serverValue:17}] to localhost:27017 2017-07-03T07:21:15.580+02:00 INFO [connection] Opened connection [connectionId{localValue:5, serverValue:19}] to localhost:27017 2017-07-03T07:21:15.581+02:00 INFO [connection] Opened connection [connectionId{localValue:8, serverValue:20}] to localhost:27017 2017-07-03T07:21:15.582+02:00 INFO [connection] Opened connection [connectionId{localValue:9, serverValue:21}] to localhost:27017 2017-07-03T07:21:15.588+02:00 INFO [PeriodicalsService] Not starting [org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical. Not configured to run on this node. 2017-07-03T07:21:15.588+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.AlarmCallbacksMigrationPeriodical] periodical, running forever. 2017-07-03T07:21:15.588+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.ConfigurationManagementPeriodical] periodical, running forever. 2017-07-03T07:21:15.600+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.LdapGroupMappingMigration] periodical, running forever. 2017-07-03T07:21:15.607+02:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexFailuresPeriodical] periodical, running forever. 2017-07-03T07:21:15.611+02:00 INFO [Periodicals] Starting [org.graylog.plugins.usagestatistics.UsageStatsNodePeriodical] periodical in [300s], polling every [21600s]. 2017-07-03T07:21:15.615+02:00 INFO [Periodicals] Starting [org.graylog.plugins.usagestatistics.UsageStatsClusterPeriodical] periodical in [300s], polling every [21600s]. 2017-07-03T07:21:15.648+02:00 INFO [Periodicals] Starting [org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration] periodical, running forever. 2017-07-03T07:21:15.648+02:00 INFO [Periodicals] Starting [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] periodical in [0s], polling every [3600s]. 2017-07-03T07:21:15.652+02:00 INFO [Periodicals] Starting [org.graylog.plugins.aggregates.Aggregates] periodical in [0s], polling every [60s]. 2017-07-03T07:21:15.653+02:00 INFO [Periodicals] Starting [org.graylog.plugins.aggregates.report.AggregatesReport] periodical in [0s], polling every [60s]. 2017-07-03T07:21:15.660+02:00 INFO [Periodicals] Starting [org.graylog.plugins.aggregates.maintenance.AggregatesMaintenance] periodical in [0s], polling every [60s]. 2017-07-03T07:21:15.673+02:00 INFO [LegacyDefaultStreamMigration] Legacy default stream has no connections, no migration needed. 2017-07-03T07:21:15.679+02:00 INFO [AggregatesMaintenance] removed 0 history items 2017-07-03T07:21:15.948+02:00 INFO [JerseyService] Enabling CORS for HTTP endpoint 2017-07-03T07:21:22.043+02:00 WARN [AuditEventModelProcessor] REST endpoint not included in audit trail: PUT /api/plugins/org.graylog.plugins.aggregates/schedules 2017-07-03T07:21:22.043+02:00 WARN [AuditEventModelProcessor] REST endpoint not included in audit trail: POST /api/plugins/org.graylog.plugins.aggregates/schedules/{name} 2017-07-03T07:21:22.043+02:00 WARN [AuditEventModelProcessor] REST endpoint not included in audit trail: DELETE /api/plugins/org.graylog.plugins.aggregates/schedules/{id} 2017-07-03T07:21:22.044+02:00 WARN [AuditEventModelProcessor] REST endpoint not included in audit trail: PUT /api/plugins/org.graylog.plugins.aggregates/rules 2017-07-03T07:21:22.044+02:00 WARN [AuditEventModelProcessor] REST endpoint not included in audit trail: POST /api/plugins/org.graylog.plugins.aggregates/rules/{name} 2017-07-03T07:21:22.044+02:00 WARN [AuditEventModelProcessor] REST endpoint not included in audit trail: DELETE /api/plugins/org.graylog.plugins.aggregates/rules/{name} 2017-07-03T07:21:27.333+02:00 INFO [NetworkListener] Started listener bound to [192.168.1.XXX:9000] 2017-07-03T07:21:27.335+02:00 INFO [HttpServer] [HttpServer] Started. 2017-07-03T07:21:27.335+02:00 INFO [JerseyService] Started REST API at <http://192.168.1.XXX:9000/api/> 2017-07-03T07:21:27.335+02:00 INFO [JerseyService] Started Web Interface at <http://192.168.1.XXX:9000/> 2017-07-03T07:21:27.336+02:00 INFO [ServiceManagerListener] Services are healthy 2017-07-03T07:21:27.336+02:00 INFO [ServerBootstrap] Services started, startup times in ms: {OutputSetupService [RUNNING]=15, BufferSynchronizerService [RUNNING]=24, InputSetupService [RUNNING]=51, KafkaJournal [RUNNING]=55, JournalReader [RUNNING]=68, ConfigurationEtagService [RUNNING]=70, StreamCacheService [RUNNING]=83, PeriodicalsService [RUNNING]=166, JerseyService [RUNNING]=11826} 2017-07-03T07:21:27.337+02:00 INFO [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized?[LB:DEAD] to Running?[LB:ALIVE] 2017-07-03T07:21:27.341+02:00 INFO [ServerBootstrap] Graylog server up and running. 2017-07-03T07:21:27.356+02:00 INFO [InputStateListener] Input [Syslog UDP/593695670a975a1565f0f5c8] is now STARTING 2017-07-03T07:21:27.357+02:00 INFO [InputStateListener] Input [Syslog UDP/594276e10a975a4ed3739a79] is now STARTING 2017-07-03T07:21:27.487+02:00 WARN [NettyTransport] receiveBufferSize (SO_RCVBUF) for input SyslogUDPInput{title=Syslog , type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should be 262144 but is 133120. 2017-07-03T07:21:27.488+02:00 WARN [NettyTransport] receiveBufferSize (SO_RCVBUF) for input SyslogUDPInput{title=Syslog_UDP_5140, type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=76899de3-904c-460d-9daf-113bc4c038dc} should be 262144 but is 133120. 2017-07-03T07:21:27.489+02:00 INFO [InputStateListener] Input [Syslog UDP/593695670a975a1565f0f5c8] is now RUNNING 2017-07-03T07:21:27.492+02:00 WARN [NettyTransport] receiveBufferSize (SO_RCVBUF) for input NetFlowUdpInput{title=Netflow, type=org.graylog.plugins.netflow.inputs.NetFlowUdpInput, nodeId=null} should be 262144 but is 133120. 2017-07-03T07:21:27.497+02:00 INFO [InputStateListener] Input [Syslog UDP/594276e10a975a4ed3739a79] is now RUNNING 2017-07-03T07:21:27.498+02:00 INFO [InputStateListener] Input [NetFlow UDP/593695aa0a975a1565f0f61c] is now RUNNING 2017-07-03T07:22:05.621+02:00 WARN [common] Unable to get a valid mac address, will use a dummy address 2017-07-03T07:22:15.662+02:00 INFO [AggregatesMaintenance] removed 0 history items 2017-07-03T07:23:15.661+02:00 INFO [AggregatesMaintenance] removed 0 history items 2017-07-03T07:24:15.661+02:00 INFO [AggregatesMaintenance] removed 0 history items 2017-07-03T07:25:15.661+02:00 INFO [AggregatesMaintenance] removed 0 history items 2017-07-03T07:26:11.560+02:00 INFO [GeoIpProcessor] Updating GeoIP resolver engine - GeoIpResolverConfig{enabled=true, dbType=MAXMIND_CITY, dbPath=/etc/graylog/server/GeoLite2-City.mmdb} 2017-07-03T07:26:11.560+02:00 INFO [GeoIpProcessor] Updating GeoIP resolver engine - GeoIpResolverConfig{enabled=true, dbType=MAXMIND_CITY, dbPath=/etc/graylog/server/GeoLite2-City.mmdb} 2017-07-03T07:26:11.560+02:00 INFO [GeoIpProcessor] Updating GeoIP resolver engine - GeoIpResolverConfig{enabled=true, dbType=MAXMIND_CITY, dbPath=/etc/graylog/server/GeoLite2-City.mmdb} 2017-07-03T07:26:11.560+02:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb 2017-07-03T07:26:11.560+02:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb 2017-07-03T07:26:11.560+02:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb 2017-07-03T07:26:11.561+02:00 INFO [GeoIpProcessor] Updating GeoIP resolver engine - GeoIpResolverConfig{enabled=true, dbType=MAXMIND_CITY, dbPath=/etc/graylog/server/GeoLite2-City.mmdb} 2017-07-03T07:26:11.561+02:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb 2017-07-03T07:26:11.561+02:00 INFO [GeoIpProcessor] Updating GeoIP resolver engine - GeoIpResolverConfig{enabled=true, dbType=MAXMIND_CITY, dbPath=/etc/graylog/server/GeoLite2-City.mmdb} 2017-07-03T07:26:11.561+02:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb 2017-07-03T07:26:15.661+02:00 INFO [AggregatesMaintenance] removed 0 history items 2017-07-03T07:27:15.661+02:00 INFO [AggregatesMaintenance] removed 0 history items 2017-07-03T07:28:15.661+02:00 INFO [AggregatesMaintenance] removed 0 history items 2017-07-03T07:29:15.661+02:00 INFO [AggregatesMaintenance] removed 0 history items

PICTURE: http://i63.tinypic.com/33lo84p.jpg

cvtienhoven commented 7 years ago

@berekese thanks for testing, I already saw that the UI menu item isn't shown. I'll have to rewrite some stuff to make it compatible with Graylog 2.3.0, but not sure where to start yet :) I'll keep you guys posted.

berekese commented 7 years ago

Ok @cvtienhoven thanks! I hope news :)

cvtienhoven commented 7 years ago

Ok @berekese and @FCaljon, I think I fixed it. Could you guys test with version 1.1.1?

https://github.com/cvtienhoven/graylog-plugin-aggregates/releases/tag/1.1.1

FCaljon commented 7 years ago

@cvtienhoven, it seems to work. I now see the tab. I will try the functionality later.

regards

Filip

berekese commented 7 years ago

@cvtienhoven its works fine! I will test it in some days too and I will let you know tests. Thanks!

Bumble0b33 commented 7 years ago

Hi @cvtienhoven, I still have the same problem even after using version 1.1.1. I'm using Graylog 2.3.0. Below is a part of the Graylog server log: graylog.txt

cvtienhoven commented 7 years ago

Hi @Bumble0b33, I can't really see that anything is going wrong in that piece of logging. What do you experience? By the way, I just released version 2.0.0 of the plugin which integrates more tightly with Graylog (regarding notifications). You might want to try that one first.

Bumble0b33 commented 7 years ago

Hi @cvtienhoven, the 'Aggregates' tab wasn't showing on the web interface(for .jar) but I got it working with the .deb file. Didn't end up finding out what the issue was.. I'll test with version 2.0.0 and let you know how that goes. Cheers

cvtienhoven commented 7 years ago

Hi @Bumble0b33, I'm closing this issue because of inactivity.