search

mariussturm / graylog-plugin-output-neo4j

Experimental output plugin for Neo4j
Apache License 2.0
6 stars 4 forks source link

Graylog 2.3 not able to send data to Neo4j graph - Getting Error Cannot Perform rotation #4

Open GaneshbabuRamamoorthy opened 7 years ago

GaneshbabuRamamoorthy commented 7 years ago

Hi @mariussturm

We are using Graylog 2.3 + Elasticsearch 5.5.0 + neo4j 3.2.2 versions for log monitoring application and we have installed neo4j output plugin in graylog to send the data to neo4j graph database.

we have configured the neo4j output with the connection details + Cypher queries. From the graylog streams section we could able to see the data is coming (i.e 40 messages/second) and then in the Manage Output we are trying to send the data to Neo4j graph database and I could see below error messages were thrown,

INFO [Neo4JBoltTransport] Identified 3 fields in graph create query. INFO [Neo4jOutput] Neo4j output started! ERROR [AbstractRotationStrategy] Cannot perform rotation at this moment. ERROR [AbstractRotationStrategy] Cannot perform rotation at this moment. ERROR [AbstractRotationStrategy] Cannot perform rotation at this moment. WARN [NodePingThread] Did not find meta info of this node. Re-registering. ERROR [AbstractRotationStrategy] Cannot perform rotation at this moment. ERROR [AbstractRotationStrategy] Cannot perform rotation at this moment.

index size info

Please kindly help on this issue and let me know if you need any further informations.

Regards, Ganeshbabu R

mariussturm commented 7 years ago

Hi, the error has nothing to do with neo4j. It indicates a problem with normal Elasticsearch rotation but should not be related to this plugin. I have bumped the dependencies and build the plugin for Graylog 2.3.0, please test with this release again: https://github.com/mariussturm/graylog-plugin-output-neo4j/releases/tag/2.3.0 That one work on my setup.

GaneshbabuRamamoorthy commented 7 years ago

Hi @mariussturm

Yes I accept it, the error which i got its not related to the neo4j. But when I am trying to create an node in neo4j from the graylog by using the below cypher query,

> MERGE ('dest-mapp-address':DESTMAP {destmap:{'dest-mapp-address'}})

The neo4j output plugin not able to create a node on the neo4j graph db since my node has some special characters and so I used backticks to avoid that issue. The backticks are applicable for variable name, labels & relationship names but not for the property value.

can you tell us how to set the field name (dest-mapp-address) as the value of the property "destmap"???

Note:- Since my graylog has the value for the field (dest-mapp-address) as "172.21.10.111 I tried the :params in the neo4j browser and worked successfully but not able to replicate the same through neo4j output plugin Below is the sample query I tried in neo4j browser,

':params {"dest-mapp-address":"172.29.2.12"} MERGE ('dest-mapp-address':DESTMAP {destmap:{'dest-mapp-address'}})'

Let me know your thoughts on this.

Regards, Ganeshbabu R