Dear all,
I just did a fresh install of Graylog / MongoDB / Elasticsearch on a Debian 7 server.

- Graylog Version: 2.1.2-1
- Elasticsearch Version: 2.4.3
- MongoDB Version: 3.2.11
- Operating System: Debian 7 (SMP Debian 3.16.7-ckt20-1+deb8u1)
- Browser version: Chrome Version 55.0.2883.95 (64-bit)

I created a new input for udp syslog that listens on port 12201. I configured a server to forward logs to the graylog server on port 12201.

When I tested elasticsearch with this:

    curl -X GET http://localhost:9200/graylog_0/_search?q=message:*

I am able to see the logs.

If I try to search for logs in the graylog web interface, I am not able to see anything and I have this line in my /var/log/graylog-server/server.log:

    [SearchResource] Unable to execute search: all shards failed

What is strange is that if I try to create an extractor for my new input and I load a message, I am able to see the last syslog entry...

I saw that this issue was present with Graylog 2.0.x if we were using elasticsearch 2.4.x but as I am running a graylog version 2.1.x, my version of elasticsearch should be ok, don't you think?

Maybe I am missing something... Any idea?

Regards,
