Hi,

did you try to connect to Elasticsearch by _hand_? Is your ES setup reachable from the Graylog server?

You can test with a plain telnet on both Graylog servers:

    telnet es_node1 9300
    telnet es_node2 9300
    telnet es_node3 9300

As your servers are located in different subnets, I assume you checked the routing between the two networks? Have you checked if there are firewalls in place, blocking the traffic?

Btw., my Graylog server's elasticsearch.yml contains all ES nodes for the key discovery.zen.ping.unicast.hosts, not just one.

sangh <[email protected]> wrote on Fri, 22 July 2016 at 09:42:

> Hi
> I have two Graylog servers (with MongoDB) [192.168.80.125,
> 192.168.80.126], a cluster of three Elasticsearch nodes [ 192.168.40.125,
> 192.168.40.126, 192.168.40.127].
>
>
> curl -XGET 'http://192.168.40.125:9200/_cluster/health?pretty=true'
> {
> "cluster_name" : "graylog",
> "status" : "green",
> "timed_out" : false,
> "number_of_nodes" : 3,
> "number_of_data_nodes" : 3,
> "active_primary_shards" : 0,
> "active_shards" : 0,
> "relocating_shards" : 0,
> "initializing_shards" : 0,
> "unassigned_shards" : 0,
> "delayed_unassigned_shards" : 0,
> "number_of_pending_tasks" : 0,
> "number_of_in_flight_fetch" : 0,
> "task_max_waiting_in_queue_millis" : 0,
> "active_shards_percent_as_number" : 100.0
>
> In the Graylog config file I set:
> - elasticsearch_cluster_name = graylog
> - elasticsearch_discovery_zen_ping_unicast_hosts = 192.168.40.125:9300
> - elasticsearch_network_host = 192.168.80.125:q
>
>
>
> I get this warning when starting Graylog:
>
> [GeoIpResolverEngine] GeoIP database file does not exist:
> /tmp/GeoLite2-City.mmdb
>
> WARN [DeadEventLoggingListener] Received unhandled event of type
> <org.graylog2.plugin.lifecycles.Lifecycle> from event bus
> <AsyncEventBus{graylog-eventbus}>
>
> [discovery] [graylog-d3e992d3-0786-47e4-8aff-9c7f1a46cf8d] waited for 3s
> and no initial state was set by the discovery
>
> [IndexerSetupService] Could not connect to Elasticsearch
>
> INFO [zen] [graylog-d3e992d3-0786-47e4-8aff-9c7f1a46cf8d] failed to send
> join request to master
> [{elasticnode-3}{0wVrxpdAT0yr9GpYECzWFw}{192.168.40.127}{192.168.40.127:9300}],
> reason
> [RemoteTransportException[[elasticnode-3][192.168.40.127:9300][internal:discovery/zen/join]];
> nested:
> ConnectTransportException[[graylog-d3e992d3-0786-47e4-8aff-9c7f1a46cf8d][
> 192.168.80.125:9350] connect_timeout[30s]]; nested:
> NotSerializableExceptionWrapper[connect_timeout_exception: connection timed
> out: /192.168.80.125:9350]; ]
> 2016-07-22T11:13:42.331+02:00 INFO [IndexerClusterCheckerThread] Indexer
> not fully initialized yet. Skipping periodic cluster check.
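
The reachability test suggested in the reply, extended to the reverse direction, as an added example that is not part of the original thread: the quoted log shows elasticnode-3 timing out while connecting back to 192.168.80.125:9350, so a firewall rule has to allow both Graylog to Elasticsearch on 9300 and Elasticsearch to Graylog on 9350. The function names are hypothetical; the addresses and ports are taken from the quoted message.

```python
import re
import socket

# Constructed sample: the join failure from the quoted log, mail wrapping kept.
SAMPLE_LOG = """\
> join request to master
> [{elasticnode-3}{0wVrxpdAT0yr9GpYECzWFw}{192.168.40.127}{192.168.40.127:9300}],
> reason
> [RemoteTransportException[[elasticnode-3][192.168.40.127:9300][internal:discovery/zen/join]];
> nested:
> ConnectTransportException[[graylog-d3e992d3-0786-47e4-8aff-9c7f1a46cf8d][
> 192.168.80.125:9350] connect_timeout[30s]]; nested:
"""

CONNECT_BACK = re.compile(
    r"RemoteTransportException\[\[(?P<node>[^\]]+)\]\[(?P<src>[\d.]+):\d+\]"
    r".*?ConnectTransportException\[\[[^\]]+\]\[\s*(?P<dst>[\d.]+):(?P<port>\d+)\]"
    r"\s*connect_timeout"
)

def blocked_paths(log_text):
    """Return (reporting_node, source_ip, target_ip, target_port) per timed-out connect."""
    flat = re.sub(r"\s*\n>?\s*", " ", log_text)  # undo "> " quoting and line wrapping
    return [(m["node"], m["src"], m["dst"], int(m["port"]))
            for m in CONNECT_BACK.finditer(flat)]

def tcp_check(host, port, timeout=3.0):
    """Classify a TCP connect attempt, as the telnet test would show it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host reachable, nothing listening on the port
    except socket.timeout:
        return "timeout"      # typical of a firewall drop or a missing route
    except OSError:
        return "unreachable"  # e.g. no route to host

if __name__ == "__main__":
    for node, src, dst, port in blocked_paths(SAMPLE_LOG):
        print(f"{node} ({src}) timed out connecting to {dst}:{port}")
        # Meaningful only when run on the Elasticsearch node (src), not on Graylog.
        print(f"  {dst}:{port} from this host ->", tcp_check(dst, port))
    # Forward direction from the reply; run this part on each Graylog server.
    for es in ("192.168.40.125", "192.168.40.126", "192.168.40.127"):
        print(f"{es}:9300 ->", tcp_check(es, 9300))
```

A "timeout" result points at dropped packets or routing between the two subnets, while "refused" means the host answered but nothing is listening on that port.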
