Can_match is not supported on pre 5.6.0 nodes

Why are we getting this error?

Graylog_Error.png1253×540 37.2 KB

Elastic Search Version: (on all 4 nodes)
“version” : {
“number” : “5.5.1”,
“build_hash” : “19c13d0”,
“build_date” : “2017-07-18T20:44:24.823Z”,
“build_snapshot” : false,
“lucene_version” : “6.6.0”
},

Graylog Version: (2 nodes)
Graylog 2.3.1+9f2c6ef

Could this be because we have a Kibana connected to the cluster as
node.master: false
node.data: false

ES Version of Kibana
“version” : {
“number” : “5.6.3”,
“build_hash” : “1a2f265”,
“build_date” : “2017-10-06T20:33:39.012Z”,
“build_snapshot” : false,
“lucene_version” : “6.6.1”
}

Should we downgrade the ElasticSearch of Kibana?
Or should we upgrade Graylog’s ElasticSearch?
Speaking of which is Graylog compatible with ElasticSearch 5.6.3?
We are on Graylog 2.3.1 AWS Image (old image, gone through several Graylog upgrades)

Thanks

I’ve never seen this error message in Graylog before, so Kibana might be the culprit.

Could you elaborate a bit on your Elasticsearch setup, the versions of ES and Kibana you’re using?

Sure,

We’re on Kibana 5.5.3 with Elastic Search 5.6.3
Elastic Search on Kibana is configured as neither a master nor as data following this suggestion

All Graylog Elasticsearch-es are version 5.5.1 (2 graylog servers with data + 2 data only nodes)
Graylog version is 2.3.1

I’m also suspecting that somehow Kibana’s ES is interfering, but how could it effect GL?

Thanks

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.