Can_match is not supported on pre 5.6.0 nodes

123dev · 2017-11-06 18:18:17 UTC

Why are we getting this error?

Elastic Search Version: (on all 4 nodes)
“version” : {
“number” : “5.5.1”,
“build_hash” : “19c13d0”,
“build_date” : “2017-07-18T20:44:24.823Z”,
“build_snapshot” : false,
“lucene_version” : “6.6.0”
},

Graylog Version: (2 nodes)
Graylog 2.3.1+9f2c6ef

Could this be because we have a Kibana connected to the cluster as
node.master: false
node.data: false

ES Version of Kibana
“version” : {
“number” : “5.6.3”,
“build_hash” : “1a2f265”,
“build_date” : “2017-10-06T20:33:39.012Z”,
“build_snapshot” : false,
“lucene_version” : “6.6.1”
}

Should we downgrade the ElasticSearch of Kibana?
Or should we upgrade Graylog’s ElasticSearch?
Speaking of which is Graylog compatible with ElasticSearch 5.6.3?
We are on Graylog 2.3.1 AWS Image (old image, gone through several Graylog upgrades)

Thanks

jochen · 2017-11-06 18:32:27 UTC

I’ve never seen this error message in Graylog before, so Kibana might be the culprit.

Could you elaborate a bit on your Elasticsearch setup, the versions of ES and Kibana you’re using?

123dev · 2017-11-06 18:50:38 UTC

Sure,

We’re on Kibana 5.5.3 with Elastic Search 5.6.3
Elastic Search on Kibana is configured as neither a master nor as data following this suggestion

All Graylog Elasticsearch-es are version 5.5.1 (2 graylog servers with data + 2 data only nodes)
Graylog version is 2.3.1

I’m also suspecting that somehow Kibana’s ES is interfering, but how could it effect GL?

Thanks

system · 2017-11-20 18:50:43 UTC

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.