Hi Nathan, the virtual machine images can also be used in smaller production setups.
Connection refused: /127.0.0.1:9350] The other Elasticsearch nodes are unable to access the embedded ES node in Graylog. Set elasticsearch_network_host <https://github.com/Graylog2/graylog2-server/blob/2.0.3/misc/graylog.conf#L245-L250> accordingly and see http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#graylog for details and explanations. Cheers, Jochen On Monday, 8 August 2016 16:37:03 UTC+2, Nathan Mace wrote: > > I did play around with the virtual appliance, and liked it. I'm trying to > get this setup as a production ready system to see about using it to > replace our Splunk install. > > I looked at the graylog log file, but all I see is the obvious unable to > connect errors. I can't see anything that's causing it. I've attached the > log file. > > Thanks! > > Nathan > > On Saturday, August 6, 2016 at 4:42:40 AM UTC-4, Jochen Schalanda wrote: >> >> Hi Nathan, >> >> those errors hint to Graylog not being able to connect to the >> Elasticsearch cluster. Check the logs of your Graylog server for more >> details. >> >> Just as a side node, if you simply want to try out Graylog and play >> around with it, you can also use the official virtual machine images and >> spare yourself the setup: >> http://docs.graylog.org/en/2.0/pages/installation/virtual_machine_appliances.html >> >> Cheers, >> Jochen >> >> On Friday, 5 August 2016 17:19:19 UTC+2, Nathan Mace wrote: >>> >>> Changed those two settings and now the web interface is working and I am >>> able to login and configure Inputs. Woot! >>> >>> However none of the data that should be received by the input is being >>> received. If you go to the search screen and wait for a ~30 seconds or so >>> there are two red warnings that pop up on the bottom of the screen and then >>> go away. They are: >>> >>> Could not load sources data >>> Loading of the sources data failed with status: Error cannot GET >>> http://x.x.x.146:12900/sources?range=3600 try reloading the page >>> >>> and >>> >>> Could not load field information >>> loading field information failed with status: cannot GET >>> http://x.x.x.146:12900/system/fields (500) >>> >>> Reloading the browser page doesn't seem to make any difference. Also of >>> note, going to System -> Overview the section for Elasticsearch Cluster >>> just spins with a "Loading" spinner and never shows the status of the ES >>> cluster. >>> >>> Nathan >>> >>> On Thursday, August 4, 2016 at 5:23:00 PM UTC-4, Jochen Schalanda wrote: >>>> >>>> Hi Nathan, >>>> >>>> try removing the elasticsearch_transport_tcp_port setting from your >>>> Graylog configuration and add the port (9300) to the IP address in >>>> elasticsearch_discovery_zen_ping_unicast_hosts (so that it's bein set >>>> to x.x.x.149:9300). >>>> >>>> Additionally, your web_endpoint_uri is wrong and should be removed >>>> completely (or at least point to the public address of the Graylog REST >>>> API). >>>> >>>> Cheers, >>>> Jochen >>>> >>>> On Thursday, 4 August 2016 21:14:37 UTC+2, Nathan Mace wrote: >>>>> >>>>> Per my other thread, I decided to delete the VMs and start over from >>>>> scratch. Instead of running ES on two nodes and Graylog on one of those >>>>> nodes, I've got two VM. Running ES only and the other running Graylog >>>>> and >>>>> MongoDB only. >>>>> >>>>> ansted -> x.x.x.146 Running Graylog and MongoDB >>>>> ansted-search-01 -> x.x.x.149 Running ElasticSearch >>>>> >>>>> I've attached the two config files (one for Graylog and one for ES). >>>>> I removed all of the commented out lines from the text files. I've also >>>>> attached the log file that Graylog is generating. The repeated error is: >>>>> >>>>> 2016-08-04T14:14:09.089-04:00 WARN [unicast] >>>>> [graylog-f51e5052-55d0-4c4a-92ca-89a28282b3f4] failed to send ping to >>>>> [{#zen_unicast_1#}{x.x.x.149}{x.x.x.149:9200}] >>>>> org.elasticsearch.transport.ReceiveTimeoutTransportException: >>>>> [][x.x.x.149:9200][internal:discovery/zen/unicast] request_id [18] timed >>>>> out after [3750ms] >>>>> at >>>>> org.elasticsearch.transport.TransportService$TimeoutHandler.run(TransportService.java:679) >>>>> >>>>> [graylog.jar:?] >>>>> at >>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) >>>>> >>>>> [?:1.8.0_101] >>>>> at >>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) >>>>> >>>>> [?:1.8.0_101] >>>>> at java.lang.Thread.run(Thread.java:745) [?:1.8.0_101] >>>>> >>>>> It is trying to connect to the ES server's IP, but I am out of ideas >>>>> as for what is wrong. I know I have ES set to use port 9300 for >>>>> transport >>>>> and Graylog is (currently) set to port 9200, but changing Graylog's >>>>> config >>>>> file doesn't seem to change the error in the Graylog log file. >>>>> >>>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/21b49709-e172-4b58-bd6f-b0f1c4361985%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
