graylog-plugin-pipeline-processor icon indicating copy to clipboard operation
graylog-plugin-pipeline-processor copied to clipboard

Published 20 hours ago verified publisher icon Graylog2

[DeadEventLoggingListener] Received unhandled event of type org.graylog.plugins.pipelineprocessor...

Open alias454 opened this issue 8 years ago • 4 comments

Problem description

When testing out some pipeline rules, I am seeing inconsistent execution times for the same message when run at different time. I had a thread which has additional information that might give some background to the issue. https://groups.google.com/forum/#!topic/graylog2/FyWgYIzUSMc.

I was having this same issue with a prior version of graylog, which is what prompted me to upgrade to the beta version hoping things would work better but no luck. I do now see some new information in the log files, though.

2016-12-13T19:48:21.906-06:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog.plugins.pipelineprocessor.     processors.PipelineInterpreter.State> from event bus <AsyncEventBus{graylog-eventbus}>
2016-12-13T19:51:45.910-06:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog.plugins.pipelineprocessor.     processors.PipelineInterpreter.State> from event bus <AsyncEventBus{graylog-eventbus}>

Steps to reproduce the problem

  1. unknown, issue appears on it's own so I am not sure what steps I can take to reproduce it.

Environment

  • Graylog Version: 2.2.0-beta
  • Pipeline Processor plugin version: 2.2.0-beta
  • Elasticsearch Version: 2.4.1
  • MongoDB Version: 3.2.11
  • Operating System: CentOS 7 Linux 3.10.0-327.36.3.el7.x86_64
  • Browser version: FireFox 45.5.1 ESR

Any Ideas?

alias454 avatar Dec 14 '16 02:12 alias454

I've had the same Problem today, i changed some rules form:

rule "rewrite source field for CMTS AS02"
when
  (to_string($message.source) == "CMTS") && (to_string($message.gl2_remote_ip) == "123.123.123.2")
then
  set_field("source", "AS02_E6000");
  route_to_stream("CMTS Stream");
end

to

rule "rewrite source field for CMTS AS02"
when
  (to_string($message.source) == "CMTS") && (to_string($message.gl2_remote_ip) == "123.123.123.2")
then
  set_field("source", "AS02_E6000");
  //route_to_stream("CMTS Stream");
end

then i got this error messages flooding my log:

2017-02-21T12:25:12.428+01:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog.plugins.pipelineprocessor.processors.PipelineInterpreter.State> from event bus <AsyncEventBus{graylog-eventbus}>
2017-02-21T12:25:19.429+01:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog.plugins.pipelineprocessor.processors.PipelineInterpreter.State> from event bus <AsyncEventBus{graylog-eventbus}>
2017-02-21T12:25:28.426+01:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog.plugins.pipelineprocessor.processors.PipelineInterpreter.State> from event bus <AsyncEventBus{graylog-eventbus}>
2017-02-21T12:25:33.428+01:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog.plugins.pipelineprocessor.processors.PipelineInterpreter.State> from event bus <AsyncEventBus{graylog-eventbus}>
2017-02-21T12:25:37.427+01:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog.plugins.pipelineprocessor.processors.PipelineInterpreter.State> from event bus <AsyncEventBus{graylog-eventbus}>
2017-02-21T12:25:43.427+01:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog.plugins.pipelineprocessor.processors.PipelineInterpreter.State> from event bus <AsyncEventBus{graylog-eventbus}>
2017-02-21T12:25:49.428+01:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog.plugins.pipelineprocessor.processors.PipelineInterpreter.State> from event bus <AsyncEventBus{graylog-eventbus}>
2017-02-21T12:25:56.428+01:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog.plugins.pipelineprocessor.processors.PipelineInterpreter.State> from event bus <AsyncEventBus{graylog-eventbus}>
2017-02-21T12:26:01.431+01:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog.plugins.pipelineprocessor.processors.PipelineInterpreter.State> from event bus <AsyncEventBus{graylog-eventbus}>
2017-02-21T12:26:07.428+01:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog.plugins.pipelineprocessor.processors.PipelineInterpreter.State> from event bus <AsyncEventBus{graylog-eventbus}>

then i changed it back to.

rule "rewrite source field for CMTS AS02"
when
  (to_string($message.source) == "CMTS") && (to_string($message.gl2_remote_ip) == "123.123.123.2")
then
  set_field("source", "AS02_E6000");
  route_to_stream("CMTS Stream");
end

and everything is normal now.

Maybe some problem with the Comment?

Graylog 2.2.0+d9681cb on syslog.xyz.local (Oracle Corporation 1.8.0_121 on Linux 3.10.0-327.22.2.el7.x86_64)

gruselglatz avatar Feb 21 '17 11:02 gruselglatz

@gruselglatz Is the end keyword missing in you rule?

joschi avatar Feb 21 '17 12:02 joschi

@joschi ups, sry, copy paste error. The end keyword wasn't missing

gruselglatz avatar Feb 21 '17 12:02 gruselglatz

+1

julienlau avatar Nov 14 '17 13:11 julienlau