Hi Oliver, are there any error or warning messages in the logs of your Elasticsearch nodes?
Please try running Graylog in DEBUG mode (by adding "-d" or "--debug" to the command line, or by changing the log level of the Graylog-related classes on the System / Logging page) and check, if there are more details about the error. Cheers, Jochen On Monday, 19 September 2016 15:22:31 UTC+2, Oliver Schrenk wrote: > > Hi, > > I have troubles setting up a basic graylog instance with a single UDP GELF > input. > > ElasticSearch: 2.4.0 > Graylog: 2.1.1 > > There is no load balancer or reverse proxy. and I'm going with default > configuration and changed these settings: > > ``` > > rest_listen_uri = http://127.0.0.1:9000/api/ > < rest_listen_uri = http://0.0.0.0:12900/ > > > #web_listen_uri = http://127.0.0.1:9000/ > < web_listen_uri = http://0.0.0.0:9000/ > > > #web_endpoint_uri = > < web_endpoint_uri = http://staging.acme.nl:12900/ > ``` > > I successfully logged in, created UDP Gelf input source, was able to see a > sample message I pushed from my Scala application (upon creating the input, > not while searching it). > > I'm pushing the data with this config > > ``` > <appender name="GRAYLOG" > class="com.github.pukkaone.gelf.logback.GelfAppender"> > <graylogHost>udp:staging.acme.nl</graylogHost> > <graylogPort>12201</graylogPort> > <originHost>my.machine.example.com</originHost> > <levelIncluded>true</levelIncluded> > <loggerIncluded>true</loggerIncluded> > <markerIncluded>false</markerIncluded> > <threadIncluded>false</threadIncluded> > <facility>gelf-java</facility> > <additionalField>application=scala-api</additionalField> > <additionalField>environment=development</additionalField> > </appender> > ``` > > But when I want to actually search for something the UI fails. > > The javascript console shows > > ``` > client.js:960 GET > http://staging.acme.nl:12900/search/universal/relative/histogram?query=%2A&range=300&interval=minute > > 400 (Bad Request)d.end @ client.js:960(anonymous function) @ index.js:61i @ > bluebird.js:4594i._resolveFromResolver @ bluebird.js:2671i @ > bluebird.js:2259r.promise @ index.js:60r.then @ index.js:95value @ > FetchProvider.js:57i @ FetchProvider.js:96histogram @ > UniversalSearchStore.js:43promise.promise.isCancelled.promise.P.search.then.t.additional.t.additional.status.e.setState.error > > @ SearchPage.jsx:99i @ bluebird.js:4594i._settlePromiseFromHandler @ > bluebird.js:2698i._settlePromiseAt @ bluebird.js:2772i._settlePromises @ > bluebird.js:2888n._drainQueue @ bluebird.js:175n._drainQueues @ > bluebird.js:185drainQueues @ bluebird.js:67 > FetchProvider.js:17 There was an error fetching a resource: cannot GET > http://staging.acme.nl:12900/search/universal/relative/histogram?query=%2A&range=300&interval=minute > > (400). Additional information: Unable to execute searcht @ > FetchProvider.js:17(anonymous function) @ FetchProvider.js:82i @ > bluebird.js:4594i._settlePromiseFromHandler @ > bluebird.js:2698i._settlePromiseAt @ bluebird.js:2772i._settlePromises @ > bluebird.js:2888n._drainQueue @ bluebird.js:175n._drainQueues @ > bluebird.js:185drainQueues @ bluebird.js:67 > bluebird.js:953 Unhandled rejection Error: cannot GET > http://staging.acme.nl:12900/search/universal/relative/histogram?query=%2A&range=300&interval=minute > > (400) > ``` > > > The network tab shows that the request (here copied as Curl) > > ``` > curl ' > http://staging.acme.nl:12900/search/universal/relative/histogram?query=%2A&range=300&interval=minute' > > -H 'Authorization: Basic > ZjkxZTk4YjktMGUxZC00MzM3LWJmYTktYzI2M2JmMTNiMGUzOnNlc3Npb24=' -H 'Origin: > http://staging.acme.nl:9000' -H 'Accept-Encoding: gzip, deflate, sdch' -H > 'Accept-Language: en-GB,en-US;q=0.8,en;q=0.6' -H 'User-Agent: Mozilla/5.0 > (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) > Chrome/54.0.2837.0 Safari/537.36' -H 'Content-Type: application/json' -H > 'Accept: application/json' -H 'Referer: http://staging.acme.nl:9000/search' > -H 'X-Requested-With: XMLHttpRequest' -H 'Connection: keep-alive' -H 'DNT: > 1' --compressed > ``` > > fails with > > ``` > {"query":"*","begin_column":null,"begin_line":null,"end_column":null,"end_line":null,"message":"Unable > > to execute > search","exception_name":"org.elasticsearch.action.search.SearchPhaseExecutionException"} > ``` > > I don't see anything in elasticsearch log and the tab > http://staging.acme.nl:9000/system/indices shows no error for > elasticsearch. But graylog logs shows this > > ``` > 2016-09-19T15:17:14.564+02:00 INFO [InputStateListener] Input [GELF > UDP/57dfbbcbc0cf5374e79b8c0a] is now STARTING > 2016-09-19T15:17:14.662+02:00 WARN [NettyTransport] receiveBufferSize > (SO_RCVBUF) for input GELFUDPInput{title=Gelf UDP Test, > type=org.graylog2.inputs.gelf.udp.GELFUDPInput, > nodeId=5e5806ce-0922-4739-93af-0212d8b43772} should be 262144 but is 212992. > 2016-09-19T15:17:14.676+02:00 INFO [InputStateListener] Input [GELF > UDP/57dfbbcbc0cf5374e79b8c0a] is now RUNNING > 2016-09-19T15:17:18.748+02:00 WARN [transport] > [graylog-5e5806ce-0922-4739-93af-0212d8b43772] Transport response handler > not found of id [220] > 2016-09-19T15:17:18.749+02:00 WARN [SearchResource] Unable to execute > search: all shards failed > ``` > > I presume it's a configuration error, but with these error messages I > don't get far. Any idea? > > Cheers, > Oliver > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/6b479e0d-2ecb-4cf6-9cf5-c97868cfbbb9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
