You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On the Input Diagnosis page we want to add "?" buttons next to the metrics which toggle a tooltip on click with additional explanation for each metric
Copies:
This Input is Listening On - note that bind address needs to direct to the Graylog service. Note that the selected port needs to be free of port conflict with another input on each node. Remember that a local input on a single node might conflict with a global input that is runs on all nodes, causing the input to fail on a single input
This Input is Listening For - note that UPD traffic sent to a TCP input, or TCP traffic sent to a UDP input will show up as network I/O, but no messages will be received.
Empty Messages Discarded - describe the criteria for a mesage to be discarded as empty.
Network I/O - note that this value can be used to detect connection attempts and invalid traffic to an input.
Input State - An Input in running State is ready to receive messages. An Input in a failed or failing state has encountered a problem; click on the button below to view the associated error message.
Message Error At Input - each input type expects to receive messages in a particular format. Messages that break this format can be rejected by the Input, in which case they will not proceed to processing. To resolve these cases, review the messages that are being sent. More descriptive errors can be found in Graylog’s server.log file.
Message Failed to Process - Within Graylog, extractors and pipelines can be used to perform processing operations on messages such as parsing out fields. A pipeline rule that tries to perform a nonsensical operation, or that modifies the properties of a field in the message to a format that conflicts with the data type or field length limits of that field, can fail to process. Messages that fail to process in this fashion can be reviewed within the Processing and Indexing Failures stream.
Message Failed to Index - Within the search cluster, a message can only be saved into an Index if it meets the schema of that Index. Each field in Opensearch has a field type and character limit; if either is exceeded, the message will fail to Index. Messages that fail to Index in this fashion can be reviewed within the Processing and Indexing Failures stream.
Received Message count by Stream - use this view to understand where stream and pipeline rules are directing the messages from this Input. A message can be duplicated into multiple streams; if this results in the message being saved to more than one Index, this can also multiply license usage. This view can be useful to detect such duplication.
The text was updated successfully, but these errors were encountered:
Copies:
This Input is Listening On - note that bind address needs to direct to the Graylog service. Note that the selected port needs to be free of port conflict with another input on each node. Remember that a local input on a single node might conflict with a global input that is runs on all nodes, causing the input to fail on a single input
This Input is Listening For - note that UPD traffic sent to a TCP input, or TCP traffic sent to a UDP input will show up as network I/O, but no messages will be received.
Empty Messages Discarded - describe the criteria for a mesage to be discarded as empty.
Network I/O - note that this value can be used to detect connection attempts and invalid traffic to an input.
Input State - An Input in running State is ready to receive messages. An Input in a failed or failing state has encountered a problem; click on the button below to view the associated error message.
Message Error At Input - each input type expects to receive messages in a particular format. Messages that break this format can be rejected by the Input, in which case they will not proceed to processing. To resolve these cases, review the messages that are being sent. More descriptive errors can be found in Graylog’s server.log file.
Message Failed to Process - Within Graylog, extractors and pipelines can be used to perform processing operations on messages such as parsing out fields. A pipeline rule that tries to perform a nonsensical operation, or that modifies the properties of a field in the message to a format that conflicts with the data type or field length limits of that field, can fail to process. Messages that fail to process in this fashion can be reviewed within the Processing and Indexing Failures stream.
Message Failed to Index - Within the search cluster, a message can only be saved into an Index if it meets the schema of that Index. Each field in Opensearch has a field type and character limit; if either is exceeded, the message will fail to Index. Messages that fail to Index in this fashion can be reviewed within the Processing and Indexing Failures stream.
Received Message count by Stream - use this view to understand where stream and pipeline rules are directing the messages from this Input. A message can be duplicated into multiple streams; if this results in the message being saved to more than one Index, this can also multiply license usage. This view can be useful to detect such duplication.
The text was updated successfully, but these errors were encountered: