This new version is vastly faster than the previous revisions. It's very nice. Thank you all for putting in the effort. Hopefully I'll be able to convince management to secure a support contract once .20 becomes more release-worthy.
Now, I'm about to pull my hair out. I had a working implementation and one afternoon I altered start up configuration to allow for more elasticsearch and graylog heap memory, and I simply cannot get it to connect to the cluster. I've always had zen discovery problems, even years ago with older versions. When I upgrade to the new RC1.1, I blew up my old elasticsearch data (about 8TB worth of logdata) and wiped my mongo DB to start fresh. Bigdesk has my cluster status as green, all of the indices appear to be accessible. Here's the nitty gritty of our environment: Server: CentOS release 6.5 (Final) graylog2.conf <http://pastebin.com/Z14c6K1k> elasticsearch-graylog.conf <http://pastebin.com/GMJMehAx> elasticsearch.yml <http://pastebin.com/CMNyJANz> ifconfig <http://pastebin.com/k7wBwEgX> graylog2-server.jar --debug <http://pastebin.com/95r4ZuZn> Elasticsearch's Start Log <http://pastebin.com/DqRqqCKy> Non-debug graylog-server service start <http://pastebin.com/fUagNfiA> Here's some stuff out of BigDesk elasticsearch plugin running on port 9200: Elasticsearch version: 0.90.10 Indices Docs count: 705,052,192 HTTP address: inet[/172.16.1.166:9200] Bound address: inet[/0:0:0:0:0:0:0:0:9200] Publish address: inet[/172.16.1.166:9200] Transport address: inet[/172.16.1.166:9300] Bound address: inet[/0:0:0:0:0:0:0:0:9300] Publish address: inet[/172.16.1.166:9300] - I've followed this guide on Torch.sh: http://support.torch.sh/help/kb/graylog2-server/configuring-and-tuning-elasticsearch-for-graylog2-v0200 - It doesn't matter if iptables is running or not. - Multicast won't work in our environment. - Setting specific bind addresses for either elasticsearch or graylog won't appear to work. As you can see, I have two physical interfaces. I want to listen on .166 for my graylog inputs, .165 is for logstash for cisco log reformatting. I honestly don't care what interface elasticsearch listens on as long as it's consistant. - Graylog is configured to NOT be a master or a data node both in graylog.conf and elasticsearch-graylog.con (the elasticsearch_config_file I'm using - it is DIFFERENT than the elasticsearch config file, that's correct, right?). Commenting those master/data lines out in graylog2.conf doesn't seem to help the situation either. What is so perplexing is the setup was working just fine previously - I could start/stop the services without issue. I'm running out of things to try and elasticsearch articles and threads on this problem to read. Am I completely missing something? Is IPv6 breaking things? -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
