Can't Verify Log Source

Posted: Mon Dec 31, 2018 4:57 am
by floki
Good Day!

Can't verify a log source even though I can see it in the Unique Hosts report. I can also search its logs from the dashboard. Is there something I need to do?

Here are screenshots for reference:
https://drive.google.com/drive/folders/ ... sp=sharing

Regards,

Re: Can't Verify Log Source

Posted: Wed Jan 02, 2019 12:59 pm
by cdienger
There are multiple places to run the verify - where are you running it from?

Note that the verify under http://nls_ip/nagioslogserver/configure/source/linux will only verify if syslog data came from the source, while the verification on other pages doesn't have a restriction like this. Try running the verification found on http://nls_ip/nagioslogserver/configure/source/network

Re: Can't Verify Log Source

Posted: Thu Jan 03, 2019 8:19 pm
by floki
Alright. Will test this one and let you know the results. Thanks a lot!

Re: Can't Verify Log Source

Posted: Fri Jan 04, 2019 4:33 am
by floki
Still can't verify log sources from /network, though I can search them through logstash, haha, it's weird. I've attached a screenshot:
https://drive.google.com/open?id=1Arr5VYL

Look for the VerifyIncomingTest.jpg
I'm thinking of restarting logstash or elasticsearch to see if there's an effect. There's no log entry in logstash.log, so maybe there's a problem with my logstash?

Re: Can't Verify Log Source

Posted: Fri Jan 04, 2019 11:42 am
by cdienger
Restarting logstash (service logstash restart) probably won't have any impact on this, since the data has already been parsed and inserted into the database and the verify button tries to read entries from the database.

Can you PM me some of the logs that 10.109.196.164 sent as well as screenshots of the dashboard showing the details of these events?

Re: Can't Verify Log Source

Posted: Mon Jan 07, 2019 8:31 pm
by floki
Hi

Already sent you the files :) I don't know why it's not showing verification even though it's receiving logs in the dashboard T_T

Re: Can't Verify Log Source

Posted: Tue Jan 08, 2019 2:55 pm
by cdienger
Click one of the events seen in 164_LOGS3 so that it drops down to show details of the event. I'd like to see all the fields and their values displayed.

Does the verify work for the 10.109.196.164 host?

Re: Can't Verify Log Source

Posted: Tue Jan 08, 2019 9:45 pm
by floki
Okay, thank you for the help. I just logged in and found out that I can now verify the logs after doing absolutely nothing haha. I can now verify the incoming logs :D

I just extracted the old elasticsearch & logstash logs to see what happened:

Logstash old log:

{:timestamp=>"2019-01-01T01:20:40.607000+0800", :message=>"Connection refused (Connection refused)", :class=>"Manticore::SocketException", :level=>:error}
{:timestamp=>"2019-01-01T01:20:40.630000+0800", :message=>"Connection refused (Connection refused)", :class=>"Manticore::SocketException", :level=>:error}
{:timestamp=>"2019-01-01T01:20:40.644000+0800", :message=>"Connection refused (Connection refused)", :class=>"Manticore::SocketException", :level=>:error}
{:timestamp=>"2019-01-01T01:20:40.654000+0800", :message=>"Connection refused (Connection refused)", :class=>"Manticore::SocketException", :level=>:error}
{:timestamp=>"2019-01-01T01:20:40.749000+0800", :message=>"Pipeline main started"}
{:timestamp=>"2019-01-01T01:20:41.154000+0800", :message=>"Attempted to send a bulk request to Elasticsearch configured at '[\"http://localhost:9200\"]', but Elasticsearch appears to be unreachable or down!", :error_message=>"Connection refused (Connection refused)", :class=>"Manticore::SocketException", :level=>:error}
{:timestamp=>"2019-01-01T01:34:20.715000+0800", :message=>"Failed action. ", :status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-2018.12.31", :_type=>"eventlog", :_routing=>nil}, #<LogStash::Event:0x4cbde227 @metadata_accessors=#<LogStash::Util::Accessors:0x6629f031 @store={}, @lut={}>, @cancelled=false, @data={"EventTime"=>"2018-12-31 17:34:14", "Hostname"=>" -RAV01", "Keywords"=>4611686018427387904, "EventType"=>"WARNING", "SeverityValue"=>3, "Severity"=>"WARNING", "EventID"=>226, "SourceName"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS", "ProviderGuid"=>"{1139C61B-B549-4251-8ED3-27250A1EDEC8}", "Version"=>0, "Task"=>4, "OpcodeValue"=>19, "RecordNumber"=>6350, "ActivityID"=>"{F420E538-D917-40F2-BA1C-E87C50170000}", "ProcessID"=>868, "ThreadID"=>6552, "Channel"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational", "Domain"=>"NT AUTHORITY", "AccountName"=>"NETWORK SERVICE", "UserID"=>"S-1-5-20", "AccountType"=>"Well Known Group", "Category"=>"RemoteFX module", "Opcode"=>"Runtime", "StateTransition"=>"RDP_TCP", "PreviousState"=>"23", "PreviousStateName"=>"StateUnknown", "NewState"=>"21", "NewStateName"=>"StateDisconnected", "Event"=>"43", "EventName"=>"Event_Disconnect", "ErrorCode"=>"0x80070040", "EventReceivedTime"=>"2018-12-31 17:34:15", "SourceModuleName"=>"eventlog", "SourceModuleType"=>"im_msvistalog", "message"=>"RDP_TCP: An error was encountered when transitioning from StateUnknown in response to Event_Disconnect (error code 0x80070040).", "@version"=>"1", "@timestamp"=>"2018-12-31T17:34:20.208Z", "host"=>"10.109.196.135", "port"=>52025, "type"=>"eventlog"}, @metadata={}, @accessors=#<LogStash::Util::Accessors:0x2dd5366 @store={"EventTime"=>"2018-12-31 17:34:14", "Hostname"=>" -RAV01", "Keywords"=>4611686018427387904, "EventType"=>"WARNING", "SeverityValue"=>3, "Severity"=>"WARNING", "EventID"=>226, "SourceName"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS", "ProviderGuid"=>"{1139C61B-B549-4251-8ED3-27250A1EDEC8}", 
"Version"=>0, "Task"=>4, "OpcodeValue"=>19, "RecordNumber"=>6350, "ActivityID"=>"{F420E538-D917-40F2-BA1C-E87C50170000}", "ProcessID"=>868, "ThreadID"=>6552, "Channel"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational", "Domain"=>"NT AUTHORITY", "AccountName"=>"NETWORK SERVICE", "UserID"=>"S-1-5-20", "AccountType"=>"Well Known Group", "Category"=>"RemoteFX module", "Opcode"=>"Runtime", "StateTransition"=>"RDP_TCP", "PreviousState"=>"23", "PreviousStateName"=>"StateUnknown", "NewState"=>"21", "NewStateName"=>"StateDisconnected", "Event"=>"43", "EventName"=>"Event_Disconnect", "ErrorCode"=>"0x80070040", "EventReceivedTime"=>"2018-12-31 17:34:15", "SourceModuleName"=>"eventlog", "SourceModuleType"=>"im_msvistalog", "message"=>"RDP_TCP: An error was encountered when transitioning from StateUnknown in response to Event_Disconnect (error code 0x80070040).", "@version"=>"1", "@timestamp"=>"2018-12-31T17:34:20.208Z", "host"=>"10.109.196.135", "port"=>52025, "type"=>"eventlog"}, @lut={"type"=>[{"EventTime"=>"2018-12-31 17:34:14", "Hostname"=>" -RAV01", "Keywords"=>4611686018427387904, "EventType"=>"WARNING", "SeverityValue"=>3, "Severity"=>"WARNING", "EventID"=>226, "SourceName"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS", "ProviderGuid"=>"{1139C61B-B549-4251-8ED3-27250A1EDEC8}", "Version"=>0, "Task"=>4, "OpcodeValue"=>19, "RecordNumber"=>6350, "ActivityID"=>"{F420E538-D917-40F2-BA1C-E87C50170000}", "ProcessID"=>868, "ThreadID"=>6552, "Channel"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational", "Domain"=>"NT AUTHORITY", "AccountName"=>"NETWORK SERVICE", "UserID"=>"S-1-5-20", "AccountType"=>"Well Known Group", "Category"=>"RemoteFX module", "Opcode"=>"Runtime", "StateTransition"=>"RDP_TCP", "PreviousState"=>"23", "PreviousStateName"=>"StateUnknown", "NewState"=>"21", "NewStateName"=>"StateDisconnected", "Event"=>"43", "EventName"=>"Event_Disconnect", "ErrorCode"=>"0x80070040", "EventReceivedTime"=>"2018-12-31 17:34:15", 
"SourceModuleName"=>"eventlog", "SourceModuleType"=>"im_msvistalog", "message"=>"RDP_TCP: An error was encountered when transitioning from StateUnknown in response to Event_Disconnect (error code 0x80070040).", "@version"=>"1", "@timestamp"=>"2018-12-31T17:34:20.208Z", "host"=>"10.109.196.135", "port"=>52025, "type"=>"eventlog"}, "type"], "[program]"=>[{"EventTime"=>"2018-12-31 17:34:14", "Hostname"=>" -RAV01", "Keywords"=>4611686018427387904, "EventType"=>"WARNING", "SeverityValue"=>3, "Severity"=>"WARNING", "EventID"=>226, "SourceName"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS", "ProviderGuid"=>"{1139C61B-B549-4251-8ED3-27250A1EDEC8}", "Version"=>0, "Task"=>4, "OpcodeValue"=>19, "RecordNumber"=>6350, "ActivityID"=>"{F420E538-D917-40F2-BA1C-E87C50170000}", "ProcessID"=>868, "ThreadID"=>6552, "Channel"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational", "Domain"=>"NT AUTHORITY", "AccountName"=>"NETWORK SERVICE", "UserID"=>"S-1-5-20", "AccountType"=>"Well Known Group", "Category"=>"RemoteFX module", "Opcode"=>"Runtime", "StateTransition"=>"RDP_TCP", "PreviousState"=>"23", "PreviousStateName"=>"StateUnknown", "NewState"=>"21", "NewStateName"=>"StateDisconnected", "Event"=>"43", "EventName"=>"Event_Disconnect", "ErrorCode"=>"0x80070040", "EventReceivedTime"=>"2018-12-31 17:34:15", "SourceModuleName"=>"eventlog", "SourceModuleType"=>"im_msvistalog", "message"=>"RDP_TCP: An error was encountered when transitioning from StateUnknown in response to Event_Disconnect (error code 0x80070040).", "@version"=>"1", "@timestamp"=>"2018-12-31T17:34:20.208Z", "host"=>"10.109.196.135", "port"=>52025, "type"=>"eventlog"}, "program"], "[host]"=>[{"EventTime"=>"2018-12-31 17:34:14", "Hostname"=>" -RAV01", "Keywords"=>4611686018427387904, "EventType"=>"WARNING", "SeverityValue"=>3, "Severity"=>"WARNING", "EventID"=>226, "SourceName"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS", "ProviderGuid"=>"{1139C61B-B549-4251-8ED3-27250A1EDEC8}", "Version"=>0, 
"Task"=>4, "OpcodeValue"=>19, "RecordNumber"=>6350, "ActivityID"=>"{F420E538-D917-40F2-BA1C-E87C50170000}", "ProcessID"=>868, "ThreadID"=>6552, "Channel"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational", "Domain"=>"NT AUTHORITY", "AccountName"=>"NETWORK SERVICE", "UserID"=>"S-1-5-20", "AccountType"=>"Well Known Group", "Category"=>"RemoteFX module", "Opcode"=>"Runtime", "StateTransition"=>"RDP_TCP", "PreviousState"=>"23", "PreviousStateName"=>"StateUnknown", "NewState"=>"21", "NewStateName"=>"StateDisconnected", "Event"=>"43", "EventName"=>"Event_Disconnect", "ErrorCode"=>"0x80070040", "EventReceivedTime"=>"2018-12-31 17:34:15", "SourceModuleName"=>"eventlog", "SourceModuleType"=>"im_msvistalog", "message"=>"RDP_TCP: An error was encountered when transitioning from StateUnknown in response to Event_Disconnect (error code 0x80070040).", "@version"=>"1", "@timestamp"=>"2018-12-31T17:34:20.208Z", "host"=>"10.109.196.135", "port"=>52025, "type"=>"eventlog"}, "host"]}>>], :response=>{"create"=>{"_index"=>"logstash-2018.12.31", "_type"=>"eventlog", "_id"=>"AWgFVKgSBNPXRS-PpM6U", "status"=>400, "error"=>"MapperParsingException[failed to parse [ErrorCode]]; nested: NumberFormatException[For input string: \"0x80070040\"]; "}}, :level=>:warn}
{:timestamp=>"2019-01-01T02:10:18.353000+0800", :message=>"Failed action. ", :status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-2018.12.31", :_type=>"eventlog", :_routing=>nil}, #<LogStash::Event:0x6c46643d @metadata_accessors=#<LogStash::Util::Accessors:0x7d5ab20f @store={}, @lut={}>, @cancelled=false, @data={"EventTime"=>"2018-12-31 18:09:34", "Hostname"=>" -RBKP01", "Keywords"=>4611686018427387904, "EventType"=>"WARNING", "SeverityValue"=>3, "Severity"=>"WARNING", "EventID"=>226, "SourceName"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS", "ProviderGuid"=>"{1139C61B-B549-4251-8ED3-27250A1EDEC8}", "Version"=>0, "Task"=>4, "OpcodeValue"=>19, "RecordNumber"=>6933, "ActivityID"=>"{F420C7FE-459B-4921-98C1-D356D0570000}", "ProcessID"=>984, "ThreadID"=>10824, "Channel"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational", "Domain"=>"NT AUTHORITY", "AccountName"=>"NETWORK SERVICE", "UserID"=>"S-1-5-20", "AccountType"=>"Well Known Group", "Category"=>"RemoteFX module", "Opcode"=>"Runtime", "StateTransition"=>"RDP_SEC", "PreviousState"=>"0", "PreviousStateName"=>"FStatePassthrough", "NewState"=>"9", "NewStateName"=>"FStateError", "Event"=>"16", "EventName"=>"FEventCheckAndCompleteReadsFailed", "ErrorCode"=>"0x8007139f", "EventReceivedTime"=>"2018-12-31 18:09:36", "SourceModuleName"=>"eventlog", "SourceModuleType"=>"im_msvistalog", "message"=>"RDP_SEC: An error was encountered when transitioning from FStatePassthrough in response to FEventCheckAndCompleteReadsFailed (error code 0x8007139F).", "@version"=>"1", "@timestamp"=>"2018-12-31T18:10:17.821Z", "host"=>"10.109.196.138", "port"=>56968, "type"=>"eventlog"}, @metadata={}, @accessors=#<LogStash::Util::Accessors:0xd65f8ab @store={"EventTime"=>"2018-12-31 18:09:34", "Hostname"=>" -RBKP01", "Keywords"=>4611686018427387904, "EventType"=>"WARNING", "SeverityValue"=>3, "Severity"=>"WARNING", "EventID"=>226, "SourceName"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS", 
"ProviderGuid"=>"{1139C61B-B549-4251-8ED3-27250A1EDEC8}", "Version"=>0, "Task"=>4, "OpcodeValue"=>19, "RecordNumber"=>6933, "ActivityID"=>"{F420C7FE-459B-4921-98C1-D356D0570000}", "ProcessID"=>984, "ThreadID"=>10824, "Channel"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational", "Domain"=>"NT AUTHORITY", "AccountName"=>"NETWORK SERVICE", "UserID"=>"S-1-5-20", "AccountType"=>"Well Known Group", "Category"=>"RemoteFX module", "Opcode"=>"Runtime", "StateTransition"=>"RDP_SEC", "PreviousState"=>"0", "PreviousStateName"=>"FStatePassthrough", "NewState"=>"9", "NewStateName"=>"FStateError", "Event"=>"16", "EventName"=>"FEventCheckAndCompleteReadsFailed", "ErrorCode"=>"0x8007139f", "EventReceivedTime"=>"2018-12-31 18:09:36", "SourceModuleName"=>"eventlog", "SourceModuleType"=>"im_msvistalog", "message"=>"RDP_SEC: An error was encountered when transitioning from FStatePassthrough in response to FEventCheckAndCompleteReadsFailed (error code 0x8007139F).", "@version"=>"1", "@timestamp"=>"2018-12-31T18:10:17.821Z", "host"=>"10.109.196.138", "port"=>56968, "type"=>"eventlog"}, @lut={"type"=>[{"EventTime"=>"2018-12-31 18:09:34", "Hostname"=>" -RBKP01", "Keywords"=>4611686018427387904, "EventType"=>"WARNING", "SeverityValue"=>3, "Severity"=>"WARNING", "EventID"=>226, "SourceName"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS", "ProviderGuid"=>"{1139C61B-B549-4251-8ED3-27250A1EDEC8}", "Version"=>0, "Task"=>4, "OpcodeValue"=>19, "RecordNumber"=>6933, "ActivityID"=>"{F420C7FE-459B-4921-98C1-D356D0570000}", "ProcessID"=>984, "ThreadID"=>10824, "Channel"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational", "Domain"=>"NT AUTHORITY", "AccountName"=>"NETWORK SERVICE", "UserID"=>"S-1-5-20", "AccountType"=>"Well Known Group", "Category"=>"RemoteFX module", "Opcode"=>"Runtime", "StateTransition"=>"RDP_SEC", "PreviousState"=>"0", "PreviousStateName"=>"FStatePassthrough", "NewState"=>"9", "NewStateName"=>"FStateError", "Event"=>"16", 
"EventName"=>"FEventCheckAndCompleteReadsFailed", "ErrorCode"=>"0x8007139f", "EventReceivedTime"=>"2018-12-31 18:09:36", "SourceModuleName"=>"eventlog", "SourceModuleType"=>"im_msvistalog", "message"=>"RDP_SEC: An error was encountered when transitioning from FStatePassthrough in response to FEventCheckAndCompleteReadsFailed (error code 0x8007139F).", "@version"=>"1", "@timestamp"=>"2018-12-31T18:10:17.821Z", "host"=>"10.109.196.138", "port"=>56968, "type"=>"eventlog"}, "type"], "[program]"=>[{"EventTime"=>"2018-12-31 18:09:34", "Hostname"=>" -RBKP01", "Keywords"=>4611686018427387904, "EventType"=>"WARNING", "SeverityValue"=>3, "Severity"=>"WARNING", "EventID"=>226, "SourceName"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS", "ProviderGuid"=>"{1139C61B-B549-4251-8ED3-27250A1EDEC8}", "Version"=>0, "Task"=>4, "OpcodeValue"=>19, "RecordNumber"=>6933, "ActivityID"=>"{F420C7FE-459B-4921-98C1-D356D0570000}", "ProcessID"=>984, "ThreadID"=>10824, "Channel"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational", "Domain"=>"NT AUTHORITY", "AccountName"=>"NETWORK SERVICE", "UserID"=>"S-1-5-20", "AccountType"=>"Well Known Group", "Category"=>"RemoteFX module", "Opcode"=>"Runtime", "StateTransition"=>"RDP_SEC", "PreviousState"=>"0", "PreviousStateName"=>"FStatePassthrough", "NewState"=>"9", "NewStateName"=>"FStateError", "Event"=>"16", "EventName"=>"FEventCheckAndCompleteReadsFailed", "ErrorCode"=>"0x8007139f", "EventReceivedTime"=>"2018-12-31 18:09:36", "SourceModuleName"=>"eventlog", "SourceModuleType"=>"im_msvistalog", "message"=>"RDP_SEC: An error was encountered when transitioning from FStatePassthrough in response to FEventCheckAndCompleteReadsFailed (error code 0x8007139F).", "@version"=>"1", "@timestamp"=>"2018-12-31T18:10:17.821Z", "host"=>"10.109.196.138", "port"=>56968, "type"=>"eventlog"}, "program"], "[host]"=>[{"EventTime"=>"2018-12-31 18:09:34", "Hostname"=>" -RBKP01", "Keywords"=>4611686018427387904, "EventType"=>"WARNING", "SeverityValue"=>3, 
"Severity"=>"WARNING", "EventID"=>226, "SourceName"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS", "ProviderGuid"=>"{1139C61B-B549-4251-8ED3-27250A1EDEC8}", "Version"=>0, "Task"=>4, "OpcodeValue"=>19, "RecordNumber"=>6933, "ActivityID"=>"{F420C7FE-459B-4921-98C1-D356D0570000}", "ProcessID"=>984, "ThreadID"=>10824, "Channel"=>"Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational", "Domain"=>"NT AUTHORITY", "AccountName"=>"NETWORK SERVICE", "UserID"=>"S-1-5-20", "AccountType"=>"Well Known Group", "Category"=>"RemoteFX module", "Opcode"=>"Runtime", "StateTransition"=>"RDP_SEC", "PreviousState"=>"0", "PreviousStateName"=>"FStatePassthrough", "NewState"=>"9", "NewStateName"=>"FStateError", "Event"=>"16", "EventName"=>"FEventCheckAndCompleteReadsFailed", "ErrorCode"=>"0x8007139f", "EventReceivedTime"=>"2018-12-31 18:09:36", "SourceModuleName"=>"eventlog", "SourceModuleType"=>"im_msvistalog", "message"=>"RDP_SEC: An error was encountered when transitioning from FStatePassthrough in response to FEventCheckAndCompleteReadsFailed (error code 0x8007139F).", "@version"=>"1", "@timestamp"=>"2018-12-31T18:10:17.821Z", "host"=>"10.109.196.138", "port"=>56968, "type"=>"eventlog"}, "host"]}>>], :response=>{"create"=>{"_index"=>"logstash-2018.12.31", "_type"=>"eventlog", "_id"=>"AWgFdZRpBNPXRS-PpSTB", "status"=>400, "error"=>"MapperParsingException[failed to parse [ErrorCode]]; nested: NumberFormatException[For input string: \"0x8007139f\"]; "}}, :level=>:warn}

Elasticsearch old log:

[2019-01-08 07:48:02,457][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] creating index, cause [auto(bulk api)], templates [logstash], shards [5]/[1], mappings [_default_, syslog]
[2019-01-08 07:48:02,539][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [syslog] (dynamic)
[2019-01-08 07:48:02,547][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [syslog] (dynamic)
[2019-01-08 08:00:08,381][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-08 08:00:19,460][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-08 08:02:03,184][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-08 08:03:43,734][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-08 08:03:43,747][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-08 08:03:54,535][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-08 08:08:33,117][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-08 08:08:55,770][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-08 08:11:17,623][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-08 08:16:27,564][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-08 08:24:01,310][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-08 08:39:54,262][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-08 12:57:39,770][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-08 15:16:28,586][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-08 15:30:53,598][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-09 03:00:01,362][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
[2019-01-09 03:29:57,153][INFO ][cluster.metadata         ] [efc78a82-f33a-4f5f-8ffa-13228247b3bb] [logstash-2019.01.08] update_mapping [eventlog] (dynamic)
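
The Logstash log in the post above contains two different failures: Elasticsearch refusing connections, and events rejected with status 400 because ErrorCode carried a hex string that the index mapping could not parse as a number. The following is an added example, not part of the original post or of Nagios Log Server, that summarizes both from logstash.log text; the sample lines are constructed by shortening the ones quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: shortened from the Logstash log lines quoted in the post
# above (most event fields dropped; the last record is wrapped across two
# physical lines the way the forum paste is).
SAMPLE_LOG = r'''{:timestamp=>"2019-01-01T01:20:40.607000+0800", :message=>"Connection refused (Connection refused)", :class=>"Manticore::SocketException", :level=>:error}
{:timestamp=>"2019-01-01T01:20:40.749000+0800", :message=>"Pipeline main started"}
{:timestamp=>"2019-01-01T01:20:41.154000+0800", :message=>"Attempted to send a bulk request to Elasticsearch configured at '[\"http://localhost:9200\"]', but Elasticsearch appears to be unreachable or down!", :error_message=>"Connection refused (Connection refused)", :class=>"Manticore::SocketException", :level=>:error}
{:timestamp=>"2019-01-01T01:34:20.715000+0800", :message=>"Failed action. ", :status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-2018.12.31", :_type=>"eventlog", :_routing=>nil}, #<LogStash::Event:0x4cbde227 @data={"EventID"=>226, "ErrorCode"=>"0x80070040", "host"=>"10.109.196.135", "type"=>"eventlog"}>], :response=>{"create"=>{"_index"=>"logstash-2018.12.31", "_type"=>"eventlog", "status"=>400, "error"=>"MapperParsingException[failed to parse [ErrorCode]]; nested: NumberFormatException[For input string: \"0x80070040\"]; "}}, :level=>:warn}
{:timestamp=>"2019-01-01T02:10:18.353000+0800", :message=>"Failed action. ", :status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-2018.12.31", :_type=>"eventlog", :_routing=>nil}, #<LogStash::Event:0x6c46643d @data={"EventID"=>226,
"ErrorCode"=>"0x8007139f", "host"=>"10.109.196.138", "type"=>"eventlog"}>], :response=>{"create"=>{"_index"=>"logstash-2018.12.31", "_type"=>"eventlog", "status"=>400, "error"=>"MapperParsingException[failed to parse [ErrorCode]]; nested: NumberFormatException[For input string: \"0x8007139f\"]; "}}, :level=>:warn}
'''

TS = re.compile(r':timestamp=>"([^"]+)"')
INDEX = re.compile(r':_index=>"([^"]+)"')
TYPE = re.compile(r':_type=>"([^"]+)"')
HOST = re.compile(r'"host"=>"([^"]+)"')            # sending host of the event
FIELD = re.compile(r'failed to parse \[([^\]]+)\]')  # field the mapper rejected
VALUE = re.compile(r'For input string: \\"(.*?)\\"')  # value it could not parse


def records(text):
    """Re-join records that were wrapped across several physical lines."""
    out = []
    for line in text.splitlines():
        if line.startswith("{:timestamp=>") or not out:
            out.append(line)
        else:
            out[-1] += line
    return out


def first(pattern, rec):
    m = pattern.search(rec)
    return m.group(1) if m else None


def triage(text):
    """Count Elasticsearch connection errors and list rejected events."""
    unreachable, rejected = 0, []
    for rec in records(text):
        if ':class=>"Manticore::SocketException"' in rec:
            unreachable += 1
        elif ':message=>"Failed action' in rec:
            rejected.append({
                "timestamp": first(TS, rec), "index": first(INDEX, rec),
                "type": first(TYPE, rec), "field": first(FIELD, rec),
                "value": first(VALUE, rec), "host": first(HOST, rec),
            })
    return {"es_unreachable": unreachable, "rejected": rejected}


def rejected_by_field(result):
    """Map (type, field) -> sorted source hosts whose events were rejected."""
    hosts = defaultdict(set)
    for r in result["rejected"]:
        hosts[(r["type"], r["field"])].add(r["host"] or "unknown")
    return {key: sorted(val) for key, val in hosts.items()}


if __name__ == "__main__":
    res = triage(SAMPLE_LOG)
    print("Elasticsearch unreachable errors:", res["es_unreachable"])
    for (typ, field), hosts in rejected_by_field(res).items():
        print(f"rejected events: type={typ} field={field} hosts={hosts}")
```

Rejected events never reach the index, so a source that only produces such events would be searchable for nothing at all; the thread does not establish whether that played a part here.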

Re: Can't Verify Log Source

Posted: Tue Jan 08, 2019 11:00 pm
by floki
I'm still unsure what happened but it is working fine now. Thanks a lot

Re: Can't Verify Log Source

Posted: Wed Jan 09, 2019 12:14 pm
by scottwilkerson
floki wrote: I'm still unsure what happened but it is working fine now. Thanks a lot
Glad to hear it is working now.

Locking thread