Hi Jochen

Thanks for your answer. I installed Graylog on a fresh Ubuntu 16.04 without any packet filter or security framework activated (besides AppArmor, which I shut down). Unfortunately I could not find the cause of the problem and gave up. I am trying to install it with the provided AWS EC2 images now.

Thanks anyway.

Cheers
Lukas

On Monday, October 10, 2016 at 10:59:37 AM UTC+2, Jochen Schalanda wrote:
> Hi Lukas,
>
> from the logs of your Graylog node <http://pastebin.com/7dF4BbJg>:
>
> 2016-10-10T07:47:51.865Z INFO [IndexRetentionThread] Elasticsearch cluster not available, skipping index retention checks.
>
> It seems like Graylog cannot communicate with the Elasticsearch cluster.
>
> Make sure that the ES related settings are correct and that there isn't
> any packet filter (IPTables) or security framework (SELinux, grsecurity,
> AppArmor etc.) interfering.
>
> Cheers,
> Jochen
>
> On Monday, 10 October 2016 09:55:01 UTC+2, Lukas Steiner wrote:
>>
>> Hi
>>
>> I installed Graylog 2.1.1 with Elasticsearch 2.4.1 on Ubuntu 16.04.
>>
>> The Graylog web interface is running fine but I cannot search anything
>> from the web interface. (HTTP Response 400)
>>
>> The problem seems to be that Graylog does not connect to the existing
>> Elasticsearch node.
>>
>> *When the graylog service is stopped:*
>>
>> root@graylog:~# curl -i -X GET 'http://localhost:9400/_cat/nodes?v'
>> HTTP/1.1 200 OK
>> Content-Type: text/plain; charset=UTF-8
>> Content-Length: 152
>>
>> host      ip        heap.percent ram.percent load node.role master name
>> 127.0.0.1 127.0.0.1            3          35 0.60 d         *      graylog
>>
>> *After starting the graylog service:*
>>
>> graylog log:
>>
>> 2016-10-10T07:47:55.592Z INFO [service] [graylog-864bd0c9-cb07-45e2-9323-2fcbfc001616] detected_master {graylog}{6w4N2SWUSX2hUhR-CQRghQ}{127.0.0.1}{127.0.0.1:9300}, added {{graylog}{6w4N2SWUSX2hUhR-CQRghQ}{127.0.0.1}{127.0.0.1:9300},}, reason: zen-disco-receive(from master [{graylog}{6w4N2SWUSX2hUhR-CQRghQ}{127.0.0.1}{127.0.0.1:9300}])
>>
>> full graylog log: http://pastebin.com/7dF4BbJg
>>
>> elasticsearch log:
>>
>> [2016-10-10 07:47:55,575][INFO ][cluster.service ] [graylog] added {{graylog-864bd0c9-cb07-45e2-9323-2fcbfc001616}{6OTJm3UxStWMp2BtErWckw}{127.0.0.1}{127.0.0.1:9350}{client=true, data=false, master=false},}, reason: zen-disco-join(join from node[{graylog-864bd0c9-cb07-45e2-9323-2fcbfc001616}{6OTJm3UxStWMp2BtErWckw}{127.0.0.1}{127.0.0.1:9350}{client=true, data=false, master=false}])
>>
>> *Config files*
>>
>> etc/elasticsearch/elasticsearch.yml:
>> http://pastebin.com/S9UYG8Mr <http://pastebin.com/sa2BcjGn>
>>
>> /etc/graylog/server/server.conf
>> http://pastebin.com/B6ULqMNa
>>
>> Does anyone know why Graylog does not use the existing Elasticsearch node?
>>
>> p.s. I replaced the server's IP with EXTERNAL-IP
>>
