Believe this is now broken in Graylog 3.x

[JSylvia007]

This is now broken due to changes in Graylog 3.x (and a critical support package dropping support for underscores).

Graylog2/graylog2-server#5704
thekrakken/java-grok#108
https://community.graylog.org/t/upgrade-of-graylog-from-2-5-x-to-3-x-results-in/9368

[Berzerker]

Agree, tried to get this working with 3.0, but I got stuck a few times. An update for 3.0 would be great.

[JSylvia007]

I think it will begin working again when graylog 3.0.1 is released.

[devzwf]

with 3.0.1 released , is this work again ?

[JSylvia007]

with 3.0.1 released , is this work again ?

Yup! I just updated without any changes and it starting working again.

[devzwf]

when trying to install content pack i have :

Error
Installing content pack failed with status: Error: cannot POST http://<IP Removed>:9600/api/system/content_packs/1057ded6-9d12-4c8e-8c0c-789a19ff61d2/0/installations (500). Could not install content pack with ID: 1057ded6-9d12-4c8e-8c0c-789a19ff61d2

[JSylvia007]

Unfortunately, I needed to manually hack it to get it installed. Once it is installed, it works, but there were multiple changes that I needed to make. Unfortunately, it varies for each person's install of Graylog/Grafana, etc.

[devzwf]

where should i start ? :)
i will check the log

[JSylvia007]

Good Luck my friend. I believe I looked at the graylog server log and started to fix the issues one-by-one in the JSON file and then attempted a re-import. I did this for EACH issue I came across. I remember it took me a whole weekend to get this sorted out and installed.

[devzwf]

Thanks i goona try and start with the lookup one , or i will install by 2.5 and them update we will see, will be fun :)

[devzwf]

just want to report back
I was able to make this work with graylog 3.0.1 + grafana 6.1.1+ elasticsearch 6.7.1
lots of poking and error try.... thanks to snapshot :)

I am not fully statisfied yet of the result (geoip still flaky) , still need some polish but it is working

[mauroprojetos]

Could someone share and file to work with graylog 3.1?

[derekslenk]

Could someone share and file to work with graylog 3.1?

Or point to the log files to look at?

[devzwf]

I will try to write the step i used (not easy , like i said was a lot of poking but i will give the basic direction)

[derekslenk]

I will try to write the step i used (not easy , like i said was a lot of poking but i will give the basic direction)

Many thanks

[CluelessTechnologist]

I will try to write the step i used (not easy , like i said was a lot of poking but i will give the basic direction)

Sorry to bother you but did you ever finish this updated step by step?

[CluelessTechnologist]

Can someone up the updated json file?

[ghost]

Also trying to get this to work. @devzwf any pointers would be awesome!

[devopstales]

I created an updated version of this content pack for graylog3. You can find the instrucions HERE
@devzwf @mauroprojetos @derekslenk @CluelessTechnologist @Frogger72

[GraysonPeddie]

Please pardon me for bringing up this old thread but I cannot install pfSense content pack in Graylog 3 and I tried to click in the link for an updated version of the content pack but I got a 404 not found.