Hi Lukas, from the logs of your Graylog node <http://pastebin.com/7dF4BbJg>:
2016-10-10T07:47:51.865Z INFO [IndexRetentionThread] Elasticsearch cluster not available, skipping index retention checks. It seems like Graylog cannot communicate with the Elasticsearch cluster. Make sure that the ES related settings are correct and that there isn't any packet filter (IPTables) or security framework (SELinux, grsecurity, AppArmor etc.) interfering. Cheers, Jochen On Monday, 10 October 2016 09:55:01 UTC+2, Lukas Steiner wrote: > > Hi > > I installed graylog 2.1.1 with elasticsearch 2.4.1 on ubuntu 16.04 > > The graylog web interface is running fine but I can not search anything > from the web interface. (HTTP Response 400) > > The problem seems to be that graylog does not connect to the existing > elasticsearch node. > > *When the graylog service is stopped:* > > *root@graylog*:*~*# curl -i -X GET 'http://localhost:9400/_cat/nodes?v' > > HTTP/1.1 200 OK > > Content-Type: text/plain; charset=UTF-8 > > Content-Length: 152 > > > host ip heap.percent ram.percent load node.role master name > > 127.0.0.1 127.0.0.1 3 35 0.60 d * graylog > > > > *After starting the graylog service:* > graylog log: > 2016-10-10T07:47:55.592Z INFO [service] > [graylog-864bd0c9-cb07-45e2-9323-2fcbfc001616] detected_master > {graylog}{6w4N2SWUSX2hUhR-CQRghQ}{127.0.0.1}{127.0.0.1:9300}, added > {{graylog}{6w4N2SWUSX2hUhR-CQRghQ}{127.0.0.1}{127.0.0.1:9300},}, reason: > zen-disco-receive(from master > [{graylog}{6w4N2SWUSX2hUhR-CQRghQ}{127.0.0.1}{127.0.0.1:9300}]) > > full graylog log: http://pastebin.com/7dF4BbJg > > elasticsearch log: > > [2016-10-10 07:47:55,575][INFO ][cluster.service ] [graylog] > added > {{graylog-864bd0c9-cb07-45e2-9323-2fcbfc001616}{6OTJm3UxStWMp2BtErWckw}{127.0.0.1}{127.0.0.1:9350}{client=true, > > data=false, master=false},}, reason: zen-disco-join(join from > node[{graylog-864bd0c9-cb07-45e2-9323-2fcbfc001616}{6OTJm3UxStWMp2BtErWckw}{127.0.0.1}{127.0.0.1:9350}{client=true, > > data=false, master=false}]) > > > > *Config files* > > etc/elasticsearch/elasticsearch.yml: > > http://pastebin.com/S9UYG8Mr <http://pastebin.com/sa2BcjGn> > > > /etc/graylog/server/server.conf > > http://pastebin.com/B6ULqMNa > > > Does anyone know why graylog does not use the existing elasticsearch node? > > > p.s. I replaced the servers IP with EXTERNAL-IP > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/e2e907d3-73f8-4173-897b-3366c9b82c5f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
