AWS Elasticsearch unable to create indices

Graylog Central (peer support)
1

I’m working on building Graylog 2.4.0-1 in Kubernetes and using the AWS Elasticsearch service( version 5.5) as my endpoint. I’m able to get data to Graylog, but its not writing to the index. When looking at the logs from my Graylog pod, I see the following message repeated:

2018-04-12 16:12:51,342 INFO : org.graylog2.indexer.MongoIndexSet - Did not find a deflector alias. Setting one up now.
2018-04-12 16:12:51,353 INFO : org.graylog2.indexer.MongoIndexSet - There is no index target to point to. Creating one now.
2018-04-12 16:12:51,367 INFO : org.graylog2.indexer.MongoIndexSet - Cycling from <none> to <graylog_0>.
2018-04-12 16:12:51,367 INFO : org.graylog2.indexer.MongoIndexSet - Creating target index <graylog_0>.
2018-04-12 16:12:51,390 ERROR: org.graylog2.periodical.IndexRotationThread - Couldn't point deflector to a new index
org.graylog2.indexer.ElasticsearchException: Unable to create index template graylog-internal

Compressor detection can only be called on some xcontent bytes or compressed xcontent bytes
	at org.graylog2.indexer.cluster.jest.JestUtils.specificException(JestUtils.java:98) ~[graylog.jar:?]
	at org.graylog2.indexer.cluster.jest.JestUtils.execute(JestUtils.java:57) ~[graylog.jar:?]
	at org.graylog2.indexer.cluster.jest.JestUtils.execute(JestUtils.java:62) ~[graylog.jar:?]
	at org.graylog2.indexer.indices.Indices.ensureIndexTemplate(Indices.java:359) ~[graylog.jar:?]
	at org.graylog2.indexer.indices.Indices.create(Indices.java:389) ~[graylog.jar:?]
	at org.graylog2.indexer.indices.Indices.create(Indices.java:375) ~[graylog.jar:?]
	at org.graylog2.indexer.MongoIndexSet.cycle(MongoIndexSet.java:293) ~[graylog.jar:?]
	at org.graylog2.indexer.MongoIndexSet.setUp(MongoIndexSet.java:261) ~[graylog.jar:?]
	at org.graylog2.periodical.IndexRotationThread.checkAndRepair(IndexRotationThread.java:138) ~[graylog.jar:?]
	at org.graylog2.periodical.IndexRotationThread.lambda$doRun$0(IndexRotationThread.java:76) ~[graylog.jar:?]
	at java.lang.Iterable.forEach(Iterable.java:75) [?:1.8.0_151]
	at org.graylog2.periodical.IndexRotationThread.doRun(IndexRotationThread.java:73) [graylog.jar:?]
	at org.graylog2.plugin.periodical.Periodical.run(Periodical.java:77) [graylog.jar:?]
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_151]
	at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [?:1.8.0_151]
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_151]
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [?:1.8.0_151]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_151]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_151]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_151]

From the documentation, I have the elasticsearch_discovery_enabled set to false and elasticsearch_hosts set to my Elasticsearch URL. I also tested that can create and delete indices to the Elasticearch cluster outside of Graylog.

2

You have to disable request compression if you’re using the AWS Elasticsearch service:

For reference:

3

Awesome, that did the trick! Thanks!

4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.