Hi, which version of Graylog and which version of Elasticsearch are you running?
Cheers, Jochen On Monday, 16 May 2016 21:26:53 UTC+2, EP wrote: > > First time setting up Graylog and Elasticsearch > > Receiving the errors in the subject line. > > Configs and logs below: > > ES yml > > cluster.name: graylog2 > network.bind_host: localhost > http.port: 9200 > discovery.zen.ping.unicast.hosts: 127.0.0.1 > script.inline: off > script.indexed: off > > > Graylog server.conf > > is_master = true > node_id_file = /etc/graylog/server/node-id > password_secret = <secret> > root_password_sha2 = <secret> > plugin_dir = /usr/share/graylog-server/plugin > rest_listen_uri = http://127.0.0.1:12900/ > rotation_strategy = count > elasticsearch_max_docs_per_index = 20000000 > rotation_strategy = count > elasticsearch_max_docs_per_index = 20000000 > elasticsearch_max_number_of_indices = 20 > retention_strategy = delete > elasticsearch_max_number_of_indices = 20 > retention_strategy = delete > elasticsearch_shards = 4 > elasticsearch_replicas = 0 > elasticsearch_index_prefix = graylog > allow_leading_wildcard_searches = false > allow_highlighting = false > elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1 > elasticsearch_analyzer = standard > output_batch_size = 500 > output_flush_interval = 1 > output_fault_count_threshold = 5 > output_fault_penalty_seconds = 30 > processbuffer_processors = 5 > outputbuffer_processors = 3 > processor_wait_strategy = blocking > ring_size = 65536 > inputbuffer_ring_size = 65536 > inputbuffer_processors = 2 > inputbuffer_wait_strategy = blocking > message_journal_enabled = true > message_journal_dir = /var/lib/graylog-server/journal > lb_recognition_period_seconds = 3 > mongodb_uri = mongodb://localhost/graylog > mongodb_max_connections = 1000 > mongodb_threads_allowed_to_block_multiplier = 5 > content_packs_dir = /usr/share/graylog-server/contentpacks > content_packs_auto_load = grok-patterns.json > > > > graylog-server.log > > 2016-05-16T15:06:11.556-04:00 INFO [CmdLineTool] Loaded plugins: > [Anonymous Usage Statistics 2.0.1 > [org.graylog.plugins.usagestatistics.UsageStatsPlugin], Pipeline Processor > Plugin 1.0.0-beta.3 > [org.graylog.plugins.pipelineprocessor.ProcessorPlugin], Collector 1.0.1 > [org.graylog.plugins.collector.CollectorPlugin], MapWidgetPlugin 1.0.1 > [org.graylog.plugins.map.MapWidgetPlugin], Enterprise Integration Plugin > 1.0.1 > [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]] > 2016-05-16T15:06:11.666-04:00 INFO [CmdLineTool] Running with JVM > arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB > -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled > -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC > -XX:-OmitStackTraceInFastThrow > -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml > -Djava.library.path=/usr/share/graylog-server/lib/sigar > -Dgraylog2.installation_source=rpm > 2016-05-16T15:06:14.252-04:00 INFO [InputBufferImpl] Message journal is > enabled. > 2016-05-16T15:06:14.480-04:00 INFO [LogManager] Loading logs. > 2016-05-16T15:06:14.579-04:00 INFO [LogManager] Logs loading complete. > 2016-05-16T15:06:14.580-04:00 INFO [KafkaJournal] Initialized Kafka based > journal at /var/lib/graylog-server/journal > 2016-05-16T15:06:14.614-04:00 INFO [InputBufferImpl] Initialized > InputBufferImpl with ring size <65536> and wait strategy > <BlockingWaitStrategy>, running 2 parallel message handlers. > 2016-05-16T15:06:14.657-04:00 INFO [cluster] Cluster created with > settings {hosts=[localhost:27017], mode=SINGLE, > requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', > maxWaitQueueSize=5000} > 2016-05-16T15:06:14.694-04:00 INFO [cluster] No server chosen by > ReadPreferenceServerSelector{readPreference=primary} from cluster > description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE, > all=[ServerDescription{address=localhost:27017, type=UNKNOWN, > state=CONNECTING}]}. Waiting for 30000 ms before timing out > 2016-05-16T15:06:14.738-04:00 INFO [connection] Opened connection > [connectionId{localValue:1, serverValue:93}] to localhost:27017 > 2016-05-16T15:06:14.740-04:00 INFO [cluster] Monitor thread successfully > connected to server with description > ServerDescription{address=localhost:27017, type=STANDALONE, > state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 2, 6]}, > minWireVersion=0, maxWireVersion=4, maxDocumentSize=16777216, > roundTripTimeNanos=694440} > 2016-05-16T15:06:14.750-04:00 INFO [connection] Opened connection > [connectionId{localValue:2, serverValue:94}] to localhost:27017 > 2016-05-16T15:06:15.005-04:00 INFO [NodeId] Node ID: > b8f9b2e6-ce5f-451a-b8b4-4109281c831d > 2016-05-16T15:06:15.106-04:00 INFO [node] > [graylog-b8f9b2e6-ce5f-451a-b8b4-4109281c831d] version[2.3.2], pid[9867], > build[b9e4a6a/2016-04-21T16:03:47Z] > 2016-05-16T15:06:15.106-04:00 INFO [node] > [graylog-b8f9b2e6-ce5f-451a-b8b4-4109281c831d] initializing ... > 2016-05-16T15:06:15.117-04:00 INFO [plugins] > [graylog-b8f9b2e6-ce5f-451a-b8b4-4109281c831d] modules [], plugins > [graylog-monitor], sites [] > 2016-05-16T15:06:17.040-04:00 INFO [node] > [graylog-b8f9b2e6-ce5f-451a-b8b4-4109281c831d] initialized > 2016-05-16T15:06:17.138-04:00 INFO [Version] HV000001: Hibernate > Validator 5.2.4.Final > 2016-05-16T15:06:17.396-04:00 INFO [ProcessBuffer] Initialized > ProcessBuffer with ring size <65536> and wait strategy > <BlockingWaitStrategy>. > 2016-05-16T15:06:19.909-04:00 INFO [RulesEngineProvider] No static rules > file loaded. > 2016-05-16T15:06:19.973-04:00 INFO [connection] Opened connection > [connectionId{localValue:3, serverValue:95}] to localhost:27017 > 2016-05-16T15:06:20.177-04:00 WARN [GeoIpResolverEngine] GeoIP database > file does not exist: /tmp/GeoLite2-City.mmdb > 2016-05-16T15:06:20.192-04:00 INFO [OutputBuffer] Initialized > OutputBuffer with ring size <65536> and wait strategy > <BlockingWaitStrategy>. > 2016-05-16T15:06:20.858-04:00 INFO [ServerBootstrap] Graylog server 2.0.1 > (81e0187) starting up > 2016-05-16T15:06:20.859-04:00 INFO [ServerBootstrap] JRE: Oracle > Corporation 1.8.0_91 on Linux 3.10.0-327.el7.x86_64 > 2016-05-16T15:06:20.859-04:00 INFO [ServerBootstrap] Deployment: rpm > 2016-05-16T15:06:20.859-04:00 INFO [ServerBootstrap] OS: CentOS Linux 7 > (Core) (centos) > 2016-05-16T15:06:20.859-04:00 INFO [ServerBootstrap] Arch: amd64 > 2016-05-16T15:06:20.865-04:00 WARN [DeadEventLoggingListener] Received > unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from > event bus <AsyncEventBus{graylog-eventbus}> > 2016-05-16T15:06:20.915-04:00 INFO [PeriodicalsService] Starting 24 > periodicals ... > 2016-05-16T15:06:20.916-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling > every [1s]. > 2016-05-16T15:06:20.920-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.AlertScannerThread] periodical in [10s], polling > every [60s]. > 2016-05-16T15:06:20.927-04:00 INFO [node] > [graylog-b8f9b2e6-ce5f-451a-b8b4-4109281c831d] starting ... > 2016-05-16T15:06:20.930-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] periodical > in [0s], polling every [1s]. > 2016-05-16T15:06:20.930-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [0s], > polling every [20s]. > 2016-05-16T15:06:20.955-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical, running > forever. > 2016-05-16T15:06:20.956-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.GarbageCollectionWarningThread] periodical, > running forever. > 2016-05-16T15:06:20.957-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s], > polling every [30s]. > 2016-05-16T15:06:20.958-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling > every [300s]. > 2016-05-16T15:06:20.959-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling > every [10s]. > 2016-05-16T15:06:20.960-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.NodePingThread] periodical in [0s], polling every > [1s]. > 2016-05-16T15:06:20.962-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling > every [1800s]. > 2016-05-16T15:06:20.965-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s], > polling every [1s]. > 2016-05-16T15:06:20.967-04:00 INFO [Periodicals] Starting > [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling > every [1s]. > 2016-05-16T15:06:20.968-04:00 INFO [Periodicals] Starting > [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s], > polling every [300s]. > 2016-05-16T15:06:20.970-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical, running > forever. > 2016-05-16T15:06:20.971-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical, > running forever. > 2016-05-16T15:06:20.972-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s], > polling every [3600s]. > 2016-05-16T15:06:20.974-04:00 INFO [IndexRetentionThread] Elasticsearch > cluster not available, skipping index retention checks. > 2016-05-16T15:06:20.997-04:00 INFO [connection] Opened connection > [connectionId{localValue:4, serverValue:96}] to localhost:27017 > 2016-05-16T15:06:21.002-04:00 INFO [IndexerClusterCheckerThread] Indexer > not fully initialized yet. Skipping periodic cluster check. > 2016-05-16T15:06:21.004-04:00 INFO [connection] Opened connection > [connectionId{localValue:7, serverValue:99}] to localhost:27017 > 2016-05-16T15:06:21.011-04:00 INFO [connection] Opened connection > [connectionId{localValue:5, serverValue:97}] to localhost:27017 > 2016-05-16T15:06:21.025-04:00 INFO [connection] Opened connection > [connectionId{localValue:6, serverValue:98}] to localhost:27017 > 2016-05-16T15:06:21.039-04:00 INFO [PeriodicalsService] Not starting > [org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical. Not > configured to run on this node. > 2016-05-16T15:06:21.040-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.AlarmCallbacksMigrationPeriodical] periodical, > running forever. > 2016-05-16T15:06:21.040-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.ConfigurationManagementPeriodical] periodical, > running forever. > 2016-05-16T15:06:21.077-04:00 INFO [Periodicals] Starting > [org.graylog2.periodical.LdapGroupMappingMigration] periodical, running > forever. > 2016-05-16T15:06:21.081-04:00 INFO [Periodicals] Starting > [org.graylog.plugins.usagestatistics.UsageStatsNodePeriodical] periodical > in [300s], polling every [21600s]. > 2016-05-16T15:06:21.093-04:00 INFO [Periodicals] Starting > [org.graylog.plugins.usagestatistics.UsageStatsClusterPeriodical] > periodical in [300s], polling every [21600s]. > 2016-05-16T15:06:21.094-04:00 INFO [Periodicals] Starting > [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] > periodical in [0s], polling every [3600s]. > 2016-05-16T15:06:21.291-04:00 INFO [transport] > [graylog-b8f9b2e6-ce5f-451a-b8b4-4109281c831d] publish_address { > 127.0.0.1:9350}, bound_addresses {[::1]:9350}, {127.0.0.1:9350} > 2016-05-16T15:06:21.306-04:00 INFO [discovery] > [graylog-b8f9b2e6-ce5f-451a-b8b4-4109281c831d] > graylog/UaTjI60mTkWrF7IVhIEGhg > 2016-05-16T15:06:21.455-04:00 INFO [AbstractJerseyService] Enabling CORS > for HTTP endpoint > 2016-05-16T15:06:24.333-04:00 WARN [discovery] > [graylog-b8f9b2e6-ce5f-451a-b8b4-4109281c831d] waited for 3s and no initial > state was set by the discovery > 2016-05-16T15:06:24.334-04:00 INFO [node] > [graylog-b8f9b2e6-ce5f-451a-b8b4-4109281c831d] started > 2016-05-16T15:06:24.547-04:00 INFO [NetworkListener] Started listener > bound to [127.0.0.1:9000] > 2016-05-16T15:06:24.550-04:00 INFO [HttpServer] [HttpServer] Started. > 2016-05-16T15:06:24.551-04:00 INFO [WebInterfaceService] Started Web > Interface at <http://127.0.0.1:9000/> > 2016-05-16T15:06:29.343-04:00 WARN [IndexerSetupService] Could not > connect to Elasticsearch > 2016-05-16T15:06:29.344-04:00 INFO [IndexerSetupService] If you're using > multicast, check that it is working in your network and that Elasticsearch > is accessible. Also check that the cluster name setting is correct. > 2016-05-16T15:06:29.344-04:00 INFO [IndexerSetupService] See > http://docs.graylog.org/en/2.0/pages/configuring_es.html for details. > 2016-05-16T15:06:29.676-04:00 INFO [NetworkListener] Started listener > bound to [127.0.0.1:12900] > 2016-05-16T15:06:29.677-04:00 INFO [HttpServer] [HttpServer-1] Started. > 2016-05-16T15:06:29.677-04:00 INFO [RestApiService] Started REST API at < > http://127.0.0.1:12900/> > 2016-05-16T15:06:29.678-04:00 INFO [ServiceManagerListener] Services are > healthy > 2016-05-16T15:06:29.679-04:00 INFO [InputSetupService] Triggering > launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] > to Running [LB:ALIVE] > 2016-05-16T15:06:29.682-04:00 INFO [ServerBootstrap] Services started, > startup times in ms: {InputSetupService [RUNNING]=5, MetricsReporterService > [RUNNING]=57, KafkaJournal [RUNNING]=57, BufferSynchronizerService > [RUNNING]=58, OutputSetupService [RUNNING]=78, PeriodicalsService > [RUNNING]=230, JournalReader [RUNNING]=267, WebInterfaceService > [RUNNING]=3633, IndexerSetupService [RUNNING]=8430, RestApiService > [RUNNING]=8781} > 2016-05-16T15:06:29.687-04:00 INFO [ServerBootstrap] Graylog server up > and running. > 2016-05-16T15:06:35.972-04:00 INFO [IndexRangesCleanupPeriodical] > Skipping index range cleanup because the Elasticsearch cluster is > unreachable or unhealthy > 2016-05-16T15:07:20.966-04:00 INFO [IndexerClusterCheckerThread] Indexer > not fully initialized yet. Skipping periodic cluster check. > 2016-05-16T15:07:50.969-04:00 INFO [IndexerClusterCheckerThread] Indexer > not fully initialized yet. Skipping periodic cluster check. > 2016-05-16T15:08:20.973-04:00 INFO [IndexerClusterCheckerThread] Indexer > not fully initialized yet. Skipping periodic cluster check. > 2016-05-16T15:08:50.977-04:00 INFO [IndexerClusterCheckerThread] Indexer > not fully initialized yet. Skipping periodic cluster check. > 2016-05-16T15:09:20.980-04:00 INFO [IndexerClusterCheckerThread] Indexer > not fully initialized yet. Skipping periodic cluster check. > 2016-05-16T15:09:50.984-04:00 INFO [IndexerClusterCheckerThread] Indexer > not fully initialized yet. Skipping periodic cluster check. > 2016-05-16T15:10:20.989-04:00 INFO [IndexerClusterCheckerThread] Indexer > not fully initialized yet. Skipping periodic cluster check. > 2016-05-16T15:10:50.993-04:00 INFO [IndexerClusterCheckerThread] Indexer > not fully initialized yet. Skipping periodic cluster check. > 2016-05-16T15:11:20.959-04:00 INFO [IndexRetentionThread] Elasticsearch > cluster not available, skipping index retention checks. > 2016-05-16T15:11:20.998-04:00 INFO [IndexerClusterCheckerThread] Indexer > not fully initialized yet. Skipping periodic cluster check. > 2016-05-16T15:11:51.001-04:00 INFO [IndexerClusterCheckerThread] Indexer > not fully initialized yet. Skipping periodic cluster check. > 2016-05-16T15:11:51.140-04:00 ERROR [UsageStatsClusterPeriodical] Uncaught > exception in periodical > org.elasticsearch.discovery.MasterNotDiscoveredException > at > org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$5.onTimeout(TransportMasterNodeAction.java:226) > > ~[graylog.jar:?] > at > org.elasticsearch.cluster.ClusterStateObserver$ObserverClusterStateListener.onTimeout(ClusterStateObserver.java:236) > > ~[graylog.jar:?] > at > org.elasticsearch.cluster.service.InternalClusterService$NotifyTimeout.run(InternalClusterService.java:804) > > ~[graylog.jar:?] > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > > [?:1.8.0_91] > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > > [?:1.8.0_91] > at java.lang.Thread.run(Thread.java:745) [?:1.8.0_91] > 2016-05-16T15:12:21.005-04:00 INFO [IndexerClusterCheckerThread] Indexer > not fully initialized yet. Skipping periodic cluster check. > > > > > > Any help would be greatly appreciated. Thanks. > > EP > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/fd214385-d62e-4e39-bf8e-08d5f29f9cfc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
