Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-31 Thread Arief Hydayat
Hi Marcus, I'll look into the ElasticSearch again. Will get back to this post soon. Hm... I don't really understand, but let me go to the link that you provided. Thank you, Marcus. Thanks for your info about the plugin as well, I'll go and read about it as well ;-) On Friday, July 29, 2016 at 8:32:22 PM

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-29 Thread Marcus Franke
Hi Arief, you should have a look into your elasticsearch logfiles like Jochen wrote. ES will tell you about what's going on in case something is happening. Then, there are the various APIs you could use to find out why your cluster is yellow. Probably the different localhost:9200/_cat/

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-25 Thread Arief Hydayat
Hi Jochen, Thanks for the URLs link. Let me read and understand it. Seems the first link is great read for newbie like me. :-) On Mon, Jul 25, 2016 at 9:30 PM, Jochen Schalanda wrote: > Hi Arief, > > please refer to >

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-25 Thread Jochen Schalanda
Hi Arief, please refer to https://www.elastic.co/de/blog/elasticsearch-storage-the-true-story-2.0 and https://www.elastic.co/guide/en/elasticsearch/reference/2.3/index-modules.html#_static_index_settings for details about the Lucene compression codecs and disk space requirements for

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-20 Thread Arief Hydayat
Hi Jochen, Thank you for your reply. After these 5 days the disk space utilization increase quite high. /dev/dm-0 212G 78G 126G 38% / Seems need to add more disk or just listed server that need to send all those log to the OVA Graylog. What do you think? Anyway regarding to the

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-15 Thread Jochen Schalanda
Hi Arief, On Friday, 15 July 2016 09:04:21 UTC+2, Arief Hydayat wrote: > > Just wondering if I continue using these current OVA with default setting > in indices is 2000 Max doc per index and current disk 200GB, how many > target server we can add-in to send messages to the Graylog? >

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-15 Thread Arief Hydayat
Hi Jochen, Just wondering if I continue using these current OVA with default setting in indices is 2000 Max doc per index and current disk 200GB, how many target server we can add-in to send messages to the Graylog? I think it can't handle many also, as far I check message coming from 3

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-14 Thread Arief Hydayat
Hi Jochen, I see. Thanks for your reply. Anyway since I set Graylog to receive message from 5 sources (3 Windows server and 2 network devices) that Elasticsearch cluster health keep appearing. On Thu, Jul 14, 2016 at 3:16 PM, Jochen Schalanda wrote: > Hi Arief, > > the OVA

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-14 Thread Jochen Schalanda
Hi Arief, running graylog-ctl reconfigure will recreate the configuration file from our templates and reset your changes. Cheers, Jochen On Thursday, 14 July 2016 04:45:43 UTC+2, Arief Hydayat wrote: > > Hi Jochen, > > OK I give a try on that. > > > > *ubuntu@graylog:~$ cat

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-14 Thread Jochen Schalanda
Hi Arief, the OVA is suited for small production setups. For the "real deal", we recommend setting up the components yourself (to be able to tweak them according to your use cases) using the official OS packages (DEB, RPM)

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-13 Thread Arief Hydayat
Hi Jochen, Unfortunately still gives... Elasticsearch cluster unhealthy (RED) (triggered 2 minutes ago) What else we can do? Anyway I wanted to ask is the OVA is the best practice to deploy and make it as production?

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-13 Thread Arief Hydayat
Hi Jochen, OK I give a try on that.

ubuntu@graylog:~$ cat /opt/graylog/conf/graylog.conf | grep replica
# How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices.
elasticsearch_replicas = 1

Then using vim editor and make

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-13 Thread Jochen Schalanda
Hi Arief, you can make the Elasticsearch cluster health state GREEN, if you configure the indices (and Graylog) to not use replication, see https://github.com/Graylog2/graylog2-server/blob/2.0.3/misc/graylog.conf#L191-L193 . Cheers, Jochen On Wednesday, 13 July 2016 10:52:13 UTC+2, Arief

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-13 Thread Jochen Schalanda
Hi Arief, you can see that each index has a replication factor of 1, meaning that there are 4 primary shards and 4 replica shards for each index. Since you're running only 1 Elasticsearch node, those replica shards cannot be placed anywhere, which is why the Elasticsearch cluster health state

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-12 Thread Arief Hydayat
Hi Jochen, Thanks for your reply. Here the output:

health status index pri rep docs.count docs.deleted store.size pri.store.size
yellow open graylog_9 4 121359520844.9mb 844.9mb
yellow open graylog_8 4 1 200012630 7.3gb

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-12 Thread Jochen Schalanda
Hi Arief, please post the output of the following command: curl http://localhost:9200/_cat/indices?v Also take into account, that if you're running the OVA with only 1 Elasticsearch node, the cluster health status will never get GREEN because it's configured to use 1 replica shard by

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-11 Thread Arief Hydayat
Hi Marcus, Thanks a lot. It's been a few days of trying and it was my bad. I was supposed to change the localhost to the specific IP that I've set up. The curl command that you gave works now and I can get the return value of those commands. From the curl http://localhost:9200/_cat/indices

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-01 Thread Arief Hydayat
Hi Marcus, Thanks a million and sorry for the late response. I've tried your step but it gave me: curl: (7) Failed to connect to localhost port 9300: Connection refused I'm trying to have a look in the .yml file under: /opt/graylog/elasticsearch/config/elasticsearch.yml and have a look on the

Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-06-29 Thread Marcus Franke
Hi, there are some REST API endpoints in elasticsearch you can check: General Overview: curl 'http://localhost:9200/_cluster/health?pretty=true' Overview over your indices: curl http://localhost:9200/_cat/indices This will list you the index that is red, I guess not enough diskspace and thus

[graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-06-28 Thread Arief Hydayat
Hi everyone, Anyone can give a hand on this? On Wednesday, June 22, 2016 at 11:00:56 PM UTC+8, Arief Hydayat wrote: > > Hi Jochen, > > Hm.. OK. Then how could I make sure that there are no unassigned shards or > replicas in the Elasticsearch? Could you please assist me? > > On Tuesday, June 21,

[graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-06-22 Thread Arief Hydayat
Hi Jochen, Hm.. OK. Then how could I make sure that there are no unassigned shards or replicas in the Elasticsearch? Could you please assist me? On Tuesday, June 21, 2016 at 8:51:56 PM UTC+8, Jochen Schalanda wrote: > > Hi Arief, > > a cluster health status of YELLOW is "good enough", but not

[graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-06-21 Thread Jochen Schalanda
Hi Arief, a cluster health status of YELLOW is "good enough", but not ideal. Make sure that there are no unassigned shards or replicas in your Elasticsearch cluster. Cheers, Jochen On Tuesday, 21 June 2016 06:39:18 UTC+2, Arief Hydayat wrote: > > Hi Jochen, > > Thanks for your reply. I did

[graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-06-20 Thread Arief Hydayat
Hi Jochen, Thanks for your reply. I did take out all the log below: root@graylog:/var/log/graylog/elasticsearch# ls current graylog.log graylog.log.2016-05-12 graylog.log.2016-05-11 Yesterday I did the revert snap-sort, I couldn't see any Cluster health status changed to

[graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-06-20 Thread Jochen Schalanda
Hi Arief, please check the logs of the Elasticsearch node(s) for errors. You can find the log files in the /var/log/graylog/elasticsearch (or /var/log/elasticsearch) directory. Cheers, Jochen On Monday, 20 June 2016 09:32:28 UTC+2, Arief Hydayat wrote: > > Dear Graylog users and Guru, > >

[graylog2] Re: Elasticsearch cluster unhealthy (RED) - triggered on plain clean install from official image

2016-05-13 Thread Joe K
If anyone has same problem. I found that once you run this, it will go back to normal: curl -XPUT 'localhost:9200/_settings' -d '{ "index" : { "number_of_replicas" : 0 } }' (From this page:

[graylog2] Re: Elasticsearch cluster unhealthy (RED) - triggered on plain clean install from official image

2016-05-11 Thread Jochen Schalanda
Hi Joe, are there any error messages in the logs of your ES nodes? Cheers, Jochen On Wednesday, 11 May 2016 12:31:14 UTC+2, Joe K wrote: > > I installed 2.0.0 official EC2 AMI Image. > Single, standalone instance, not multiple ES instances in cluster. > > I did this two times and both times