Hello,
everything is the title.
I’ve got a server and its clone (2 VMs). The second has been cloned from the first one and then was modified consequently : ip, hostname, mac address and obviously graylog token.
I’m not even sure the the cloning operation is indeed the cause.
Symptoms : those two servers are popping up in graylog with the sametoken : one I didn’t even configure anywhere !! In the sidecar configuration they both have a different token, created in and copied from the tokens in the sidecar user : as it should.
I tried to modify the configuration threshold to 1 min, restart graylog … I’m not sure of what I can do to solve this, because I don’t understand how it even could happen.
If you have any clue … 
EDIT : to be crystal clear : those two servers have the same node-id and I have no clue how to fix this.
I also tried this process :
- stop both sidecars
- purge configurations by modifying sidecar expiration threshold to 2 minutes
- wait 2 min
- restart graylog
- delete previous tokens for both
- create and assign new tokens
- start both sidecars
- … they still have the same node-id !!