Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question. Don’t forget to select tags to help index your topic!
1. Describe your incident:
I just created a new graylog server and trying to add it to an existing cluster.
2. Describe your environment:
OS Information: RHEL 8
Package Version: Graylog 5.1
Service logs, configurations, and environment variables:
3. What steps have you already taken to try and solve the problem?
I looked at preexisting server elasticsearch.yml files and graylog-server conf file to try matching the setting. Whats weird that that when i try to define the elasticsearch host on 9200, graylog stops listening on 9000 and starts listening on 9200.
4. How can the community help?
I want to gain understanging on how to connect the new server to the existing cluster.
It sounds like you are configuring the wrong setting, or its corrupting the settings. Can you post a redacted copy of your config file, make sure to takeout passwords etc.
Elasticsearch exception [type=index_not_found_exception, reason=no such index [graylog_1_1355]]. This the error that i am getting on the existing cluster. Sorry for the delay. BTW i am new to graylog.
Ok I did take a look at the elasticsearch file. That’s were I messed up. Once I returned elascticsearch file back to default, graylog started to listen on 9000 again. That was for the new server. Thanks for that. I submitted a few screen shots of elasticsearch error messages on our old 3 node cluster. Are those errors related to the version or the configuration?
I have created the new cluster and my new graylog server is the master. I changed the cluster assignment for one of the existing nodes, but hasn’t shown up. I looked at the old cluster that it went from 3 nodes to 2 nodes which is a good sign. Just need direction on how to get the newly assigned node to be visible on the new cluster.
So starting from scratch. I created a new graylog server and it is the master in that single-node cluster. There was old existing 3 node cluster in our environment that had traffic flowing to it. What i am trying to accomplish is to move one of those nodes from the old 3-node cluster to create a 2 node cluster with my new graylog server. What I am trying to figure out is what setting need to be changed on the old node in order for it to show up in the new cluster. Setting on serv.conf and /or elasticsearch.yml.
Are you running elastic on the same machines as Graylog, it sounds like you are if you have an elasticsearch.yml file on that server, and you cannot just remove an elastic node without causing data loss in the old elastic cluster.
As for Graylog itself, you want to copy the server.conf from the graylog leader node, and then just change the settings you need to change for that node, which we be very few. Most of the config needs to be identical between nodes in a cluster.
Elastic is running on all the graylog nodes in the old cluster. The graylog config is the easy part. If possible, what setting on the yml would have to change in order for it to added to the new cluster. Changing the elastic cluster name and other setting have to be modified.
All settings in server.conf need to be identical for all servers in a cluster. The only exception is if you bind to a specific ip rather than binding to 0.0.0.0 you obviously need to have that for the specific machine.
Elasticsearch.yml is the configuration file for the elasticsearch cluster, think of that as a totally seperate thing. You could have a cluster of 3 graylog servers, and then elastic (which a totally different product) running on its own 3 servers in its own cluster. You are running graylog and then graylog is using an elasticsearch cluster (could be just one server) to store the messages.
