Cannot log in to web GUI of latest Graylog

Hi, I spent 2 days trying to install Graylog, like 6 times, and spent hours online trying to get it to work.
I am unsuccessful and need help.
Is Graylog designed to work on the local network only (127.0.0.1)? I know that is the default setup.
I have an installation on a remote server online and cannot log in to it at all.

What I have:

  • Container on Digital Ocean with Ubuntu 20.04 LTS
  • Firewall not activated ( Disabled )
  • Java 11 installed

I followed multiple instructions online; none worked for external access. I don't know if it works locally, since I don't have access to local infrastructure.

I also followed this tutorial 3 times.
https://docs.graylog.org/docs/ubuntu

Here are my configs at the moment:

Again, all services (Elasticsearch, Graylog, MongoDB) are active and working.

Why can I not access the web page and login screen on port 9000 using the browser…

Please help, I just ran out of info online.

Due to not enough space I had to break up the logs in the following posts :frowning:

I don't know how to post logs here; it says I use over 32000 characters, which is the limit here, so I will try to attach text files as hyperlinks because I ran out of ideas.

https://pomoconline.com/info/graylogconfig.txt

https://pomoconline.com/info/Elasticsearch.txt

Here is more info from when I run the command
"tail -f /var/log/graylog-server/server.log"

Need further help?

* Official documentation: http://docs.graylog.org/
* Community support: https://www.graylog.org/community-support/
* Commercial support: https://www.graylog.com/technical-support/

Terminating. :(

################################################################################

2022-07-28T12:47:26.708Z INFO  [CmdLineTool] Loaded plugin: AWS plugins 4.0.17 [org.graylog.aws.AWSPlugin]
2022-07-28T12:47:26.713Z INFO  [CmdLineTool] Loaded plugin: Collector 4.0.17 [org.graylog.plugins.collector.CollectorPlugin]
2022-07-28T12:47:26.715Z INFO  [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 4.0.17 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2022-07-28T12:47:26.715Z INFO  [CmdLineTool] Loaded plugin: Elasticsearch 6 Support 4.0.17+d0c5b22 [org.graylog.storage.elasticsearch6.Elasticsearch6Plugin]
2022-07-28T12:47:26.721Z INFO  [CmdLineTool] Loaded plugin: Elasticsearch 7 Support 4.0.17+d0c5b22 [org.graylog.storage.elasticsearch7.Elasticsearch7Plugin]
2022-07-28T12:47:26.982Z INFO  [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:-OmitStackTraceInFastThrow -Djdk.tls.acknowledgeCloseNotify=true -Dlog4j2.formatMsgNoLookups=true -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=deb
2022-07-28T12:47:27.226Z INFO  [Version] HV000001: Hibernate Validator null
2022-07-28T12:47:30.171Z INFO  [InputBufferImpl] Message journal is enabled.
2022-07-28T12:47:30.190Z INFO  [NodeId] Node ID: e2ffbd47-dadc-4d00-9abe-fca2e5597e1a
2022-07-28T12:47:30.372Z INFO  [LogManager] Loading logs.
2022-07-28T12:47:30.419Z WARN  [Log] Found a corrupted index file, /var/lib/graylog-server/journal/messagejournal-0/00000000000000000000.index, deleting and rebuilding index...
2022-07-28T12:47:30.469Z INFO  [LogManager] Logs loading complete.
2022-07-28T12:47:30.472Z INFO  [KafkaJournal] Initialized Kafka based journal at /var/lib/graylog-server/journal
2022-07-28T12:47:30.496Z INFO  [cluster] Cluster created with settings {hosts=[localhost:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=5000}
2022-07-28T12:47:30.547Z INFO  [cluster] Cluster description not yet available. Waiting for 30000 ms before timing out
2022-07-28T12:47:30.578Z INFO  [connection] Opened connection [connectionId{localValue:1, serverValue:99}] to localhost:27017
2022-07-28T12:47:30.582Z INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 6, 8]}, minWireVersion=0, maxWireVersion=6, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=2539068}
2022-07-28T12:47:30.601Z INFO  [connection] Opened connection [connectionId{localValue:2, serverValue:100}] to localhost:27017
2022-07-28T12:47:31.040Z INFO  [InputBufferImpl] Initialized InputBufferImpl with ring size <65536> and wait strategy <BlockingWaitStrategy>, running 2 parallel message handlers.
2022-07-28T12:47:31.755Z ERROR [VersionProbe] Unable to retrieve version from Elasticsearch node: 
java.net.ConnectException: Failed to connect to /127.0.0.1:9200
        at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:265) ~[graylog.jar:?]
        at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:183) ~[graylog.jar:?]
        at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224) ~[graylog.jar:?]
        at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108) ~[graylog.jar:?]
        at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88) ~[graylog.jar:?]
        at okhttp3.internal.connection.Transmitter.newExchange(Transmitter.java:169) ~[graylog.jar:?]
        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117) ~[graylog.jar:?]
        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117) ~[graylog.jar:?]
        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) ~[graylog.jar:?]
        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117) ~[graylog.jar:?]
        at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:229) ~[graylog.jar:?]
        at okhttp3.RealCall.execute(RealCall.java:81) ~[graylog.jar:?]
        at retrofit2.OkHttpCall.execute(OkHttpCall.java:204) ~[graylog.jar:?]
        at org.graylog2.storage.versionprobe.VersionProbe.rootResponse(VersionProbe.java:120) ~[graylog.jar:?]
        at org.graylog2.storage.versionprobe.VersionProbe.probe(VersionProbe.java:73) ~[graylog.jar:?]
        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
        at java.util.Collections$2.tryAdvance(Collections.java:4747) ~[?:?]
        at java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:127) ~[?:?]
        at java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:502) ~[?:?]
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:488) ~[?:?]
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
        at java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:150) ~[?:?]
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
        at java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:543) ~[?:?]
        at org.graylog2.storage.versionprobe.VersionProbe.probe(VersionProbe.java:54) ~[graylog.jar:?]
        at org.graylog2.storage.providers.ElasticsearchVersionProvider.lambda$get$1(ElasticsearchVersionProvider.java:68) ~[graylog.jar:?]
        at org.graylog2.storage.providers.AtomicCache.get(AtomicCache.java:36) [graylog.jar:?]
        at org.graylog2.storage.providers.ElasticsearchVersionProvider.get(ElasticsearchVersionProvider.java:67) [graylog.jar:?]
        at org.graylog2.storage.providers.ElasticsearchVersionProvider.get(ElasticsearchVersionProvider.java:35) [graylog.jar:?]
        at com.google.inject.internal.ProviderInternalFactory.provision(ProviderInternalFactory.java:85) [graylog.jar:?]
        at com.google.inject.internal.BoundProviderFactory.provision(BoundProviderFactory.java:77) [graylog.jar:?]
        at com.google.inject.internal.ProviderInternalFactory.circularGet(ProviderInternalFactory.java:59) [graylog.jar:?]
        at com.google.inject.internal.BoundProviderFactory.get(BoundProviderFactory.java:61) [graylog.jar:?]
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) [graylog.jar:?]
        at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:168) [graylog.jar:?]
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91) [graylog.jar:?]
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306) [graylog.jar:?]
        at com.google.inject.internal.BoundProviderFactory.get(BoundProviderFactory.java:60) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91) [graylog.jar:?]
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306) [graylog.jar:?]
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) [graylog.jar:?]
        at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:168) [graylog.jar:?]
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91) [graylog.jar:?]
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306) [graylog.jar:?]
        at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:62) [graylog.jar:?]
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) [graylog.jar:?]
        at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:168) [graylog.jar:?]
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91) [graylog.jar:?]
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306) [graylog.jar:?]
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) [graylog.jar:?]
        at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:168) [graylog.jar:?]
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91) [graylog.jar:?]
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306) [graylog.jar:?]
        at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:62) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91) [graylog.jar:?]
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306) [graylog.jar:?]
        at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:62) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91) [graylog.jar:?]
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306) [graylog.jar:?]
        at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:62) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42) [graylog.jar:?]
        at com.google.inject.internal.RealMultibinder$RealMultibinderProvider.doProvision(RealMultibinder.java:198) [graylog.jar:?]
        at com.google.inject.internal.RealMultibinder$RealMultibinderProvider.doProvision(RealMultibinder.java:151) [graylog.jar:?]
        at com.google.inject.internal.InternalProviderInstanceBindingImpl$Factory.get(InternalProviderInstanceBindingImpl.java:113) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91) [graylog.jar:?]
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306) [graylog.jar:?]
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) [graylog.jar:?]
        at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:168) [graylog.jar:?]
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39) [graylog.jar:?]
        at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:62) [graylog.jar:?]
        at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42) [graylog.jar:?]
        at com.google.inject.internal.RealMultibinder$RealMultibinderProvider.doProvision(RealMultibinder.java:198) [graylog.jar:?]
        at com.google.inject.internal.RealMultibinder$RealMultibinderProvider.doProvision(RealMultibinder.java:151) [graylog.jar:?]
        at com.google.inject.internal.InternalProviderInstanceBindingImpl$Factory.get(InternalProviderInstanceBindingImpl.java:113) [graylog.jar:?]
        at com.google.inject.internal.SingleFieldInjector.inject(SingleFieldInjector.java:52) [graylog.jar:?]
        at com.google.inject.internal.MembersInjectorImpl.injectMembers(MembersInjectorImpl.java:147) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:124) [graylog.jar:?]
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91) [graylog.jar:?]
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306) [graylog.jar:?]
        at com.google.inject.internal.BoundProviderFactory.get(BoundProviderFactory.java:60) [graylog.jar:?]
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) [graylog.jar:?]
        at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:168) [graylog.jar:?]
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39) [graylog.jar:?]
        at com.google.inject.internal.InternalInjectorCreator.loadEagerSingletons(InternalInjectorCreator.java:211) [graylog.jar:?]
        at com.google.inject.internal.InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:182) [graylog.jar:?]
        at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:109) [graylog.jar:?]
        at com.google.inject.Guice.createInjector(Guice.java:87) [graylog.jar:?]
        at org.graylog2.shared.bindings.GuiceInjectorHolder.createInjector(GuiceInjectorHolder.java:34) [graylog.jar:?]
        at org.graylog2.bootstrap.CmdLineTool.setupInjector(CmdLineTool.java:381) [graylog.jar:?]
        at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:196) [graylog.jar:?]
        at org.graylog2.bootstrap.Main.main(Main.java:50) [graylog.jar:?]
Caused by: java.net.ConnectException: Connection refused (Connection refused)
        at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:?]
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:412) ~[?:?]
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:255) ~[?:?]
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:237) ~[?:?]
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:?]
        at java.net.Socket.connect(Socket.java:609) ~[?:?]
        at okhttp3.internal.platform.Platform.connectSocket(Platform.java:130) ~[graylog.jar:?]
        at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:263) ~[graylog.jar:?]
        ... 125 more
2022-07-28T12:47:31.791Z INFO  [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2022-07-28T12:47:31.857Z INFO  [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2022-07-28T12:47:32.078Z INFO  [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.

At first glance it looks like your ES is not reachable internally.

Should be something like this:

grep -v "#" /etc/elasticsearch/elasticsearch.yml

cluster.name: graylog
node.name: <your.node.name>
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: <your-host-ip>
http.port: 9200
discovery.seed_hosts: ["<your-host-ip>"]
cluster.initial_master_nodes: ["<your-host-ip>"]
action.auto_create_index: false

and in Graylog this could be for Elasticsearch:

elasticsearch_hosts = http://<your-host-ip>:9200

Do not go beyond version 7.10.2 for Elasticsearch, for it is not supported by Graylog, and
install the open (OSS) version of it.

In Graylog's server.conf, use the IP address of your remote server at http_bind_address and see if that works for remote access.

Good luck

@PeterR

I agree with @Arie. Those configurations should be set correctly.

For Graylog to connect to Elasticsearch, two configurations are essential:

Graylog Configuration file

  • Elasticsearch_hosts is set for default 127.0.0.1

Elasticsearch YAML file

  • network.host is set for default 127.0.0.1

That configuration would mean Elasticsearch and Graylog are on the same node.

Graylog Configuration file

  • Elasticsearch_hosts is set for default 192.168.1.100

Elasticsearch YAML file

  • network.host is set for default 192.168.1.100

That configuration would mean Elasticsearch and Graylog are on different nodes or in a cluster.

Thank you for the replies…
In the official install instructions there is not a single mention of the changes that are recommended in your replies… very strange; important pieces like that should be included in the instructions.

I noticed that my MongoDB is no longer working, so I will do another clean installation tomorrow and include the suggested changes in the config files…

Question:
in all suggested “” areas I use the public IP, correct?

Thank you, and I will redo the install tomorrow and include the suggested fixes.

I agree, but that's why we're here helping :smiley:

In your special case, you could keep some things at 127.0.0.1 as they are local traffic.

So Elasticsearch (port 9200) should be there, just like Mongo (port 27107), so that
Graylog can reach them internally.

Hi Arie,

could you tell me which line I should leave as loopback 127.0.0.1 in the configs?
Thanks

grep -v "#" /etc/elasticsearch/elasticsearch.yml

cluster.name: graylog
node.name: <your.node.name>
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: <your-host-ip>
http.port: 9200
discovery.seed_hosts: ["<your-host-ip>"]
cluster.initial_master_nodes: ["<your-host-ip>"]
action.auto_create_index: false

and in Graylog this could be for Elasticsearch:

elasticsearch_hosts = http://<your-host-ip>:9200

OK, I gave up.
I followed as much as I could and I still cannot get it to work.

Here are my latest config files for review:

https://pomoconline.com/info/graylogconfig.txt

https://pomoconline.com/info/Elasticsearch.txt

Please help

Please message me directly if someone is willing to help me and I will provide the info to help me get it to work.

Please help

I tried that tutorial;
however, it installs the older versions Elasticsearch 6
and Graylog 4.1.

However, that instruction worked like a charm.

Can anybody clarify why the original instruction fails?

https://docs.graylog.org/v1/docs/ubuntu

Thanks

Peter,

Sorry for not reading your reply correctly.

Everything concerning Elasticsearch could default to 127.0.0.1
in the ES and Graylog config.
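The rule the replies above converge on (the address in Graylog's `elasticsearch_hosts` must be one Elasticsearch actually binds through `network.host`, and local-only services can stay on 127.0.0.1), written as a check. This is an added example, not part of the thread and not Graylog's own tooling; the function names, the sample configs and the address 203.0.113.10 are constructed, and unset keys are assumed to take the shipped loopback defaults.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: ES moved to a routable address, Graylog left at defaults.
BROKEN_GRAYLOG = """
elasticsearch_hosts = http://127.0.0.1:9200
"""
BROKEN_ES = """
cluster.name: graylog
network.host: 203.0.113.10
http.port: 9200
"""
# Constructed sample: ES stays on loopback, only the web interface is published.
FIXED_GRAYLOG = """
http_bind_address = 203.0.113.10:9000
http_enable_tls = true
elasticsearch_hosts = http://127.0.0.1:9200
"""
FIXED_ES = """
cluster.name: graylog
network.host: 127.0.0.1
http.port: 9200
"""

def parse_flat(text, sep):
    """Parse 'key<sep>value' lines, skipping blanks and # comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or sep not in line:
            continue
        key, value = line.split(sep, 1)
        out[key.strip()] = value.strip().strip('"')
    return out

def _ip(host):
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None  # a hostname or placeholder, not an IP literal

def is_loopback(host):
    ip = _ip(host)
    return host in ("localhost", "_local_") or (ip is not None and ip.is_loopback)

def is_wildcard(host):
    ip = _ip(host)
    return ip is not None and ip.is_unspecified  # 0.0.0.0 or ::

def reachable(bind, target):
    """Can a client connecting to `target` reach a socket bound to `bind`?"""
    if is_wildcard(bind):
        return True
    if is_loopback(bind):
        return is_loopback(target)
    return bind == target

def check(graylog_conf, es_yml):
    gl, es = parse_flat(graylog_conf, "="), parse_flat(es_yml, ":")
    es_bind = es.get("network.host", "_local_")      # ES default: loopback
    es_port = int(es.get("http.port", 9200))
    findings = []
    for url in gl.get("elasticsearch_hosts", "http://127.0.0.1:9200").split(","):
        target = urlsplit(url.strip())
        host, port = target.hostname, target.port or 9200
        if port != es_port:
            findings.append(("ES_PORT_MISMATCH", f"Graylog uses {port}, ES listens on {es_port}"))
        elif not reachable(es_bind, host):
            findings.append(("ES_UNREACHABLE",
                             f"Graylog connects to {host}, ES only binds {es_bind}: connection refused"))
    if not is_loopback(es_bind):
        findings.append(("ES_EXPOSED",
                         f"ES HTTP API listens on {es_bind}:{es_port}; firewall it to the Graylog node"))
    web = urlsplit("//" + gl.get("http_bind_address", "127.0.0.1:9000")).hostname
    if is_loopback(web):
        findings.append(("WEB_LOOPBACK_ONLY", "web interface is only reachable from the server itself"))
    elif gl.get("http_enable_tls", "false").lower() != "true":
        findings.append(("WEB_NO_TLS", f"login on {web} crosses the network without TLS"))
    return findings

if __name__ == "__main__":
    for code, msg in check(BROKEN_GRAYLOG, BROKEN_ES):
        print(f"{code}: {msg}")
```

Feed it the comment-stripped output of the `grep -v "#"` commands shown in the thread to run the same check on a real pair of files.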

Hi,
OK, the latest versions are not working.

The Vultur tutorial that installs the old Graylog 4.1 and Elasticsearch 6.8
is the only installation that works for me…

Does anybody have the latest versions working on Ubuntu 20?

Graylog 4.3.2
Elasticsearch 7.10.2
??

Is anybody willing to help here?

Hello @PeterR

I have. I’m running GL 4.3.0, ES 7.10, Mongo 4.4 using these instructions

along with some network configuration on my Linux box.

EDIT: Running HTTPS on the front end. Here are some of my configurations.

GL-Config
[root@graylog graylog]# cat /etc/graylog/server/server.conf | egrep -v "^\s*(#|$)"
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret =epOqmL
root_password_sha2 =272c3ac6b26a795a4244d
root_email = "greg.smith@domain.com"
root_timezone = America/Chicago
bin_dir = /usr/share/graylog-server/bin
data_dir = /var/lib/graylog-server
plugin_dir = /usr/share/graylog-server/plugin
http_bind_address = 10.10.10.10:9000
http_publish_uri = https://graylog.domain.com:9000/
http_enable_cors = true
http_enable_tls = true
http_tls_cert_file = /etc/ssl/certs/graylog/graylog-certificate.pem
http_tls_key_file = /etc/ssl/certs/graylog/graylog-key.pem
http_tls_key_password = secret_password
elasticsearch_hosts = http://10.10.10.10:9200
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = true
allow_highlighting = false
elasticsearch_analyzer = standard
elasticsearch_index_optimization_timeout = 1h
output_batch_size = 5000
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 7
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
message_journal_max_size = 12gb
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://mongo_user:password@localhost:27017/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
transport_email_enabled = true
transport_email_hostname = localhost
tansport_email_port = 25
transport_email_subject_prefix = [graylog]
transport_email_from_email = root@enseva-labs.net
transport_email_web_interface_url = https://10.10.10.10:9000
http_connect_timeout = 10s
proxied_requests_thread_pool_size = 32
prometheus_exporter_enabled =true
prometheus_exporter_bind_address = 10.10.10.10:9833
[root@graylog graylog]#

ES_config
[root@graylog graylog]# cat /etc/elasticsearch/elasticsearch.yml| egrep -v "^\s*(#|$)"
cluster.name: graylog
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 10.10.10.10
http.port: 9200
action.auto_create_index: false
discovery.type: single-node
bootstrap.memory_lock: true
[root@graylog graylog]#

Hope that helps.
Not sure what else to tell you, but double-check your network and firewall configurations.
NOTE: try not to use third-party documentation.

Hello Peter,
I also have Graylog 4.3.3 up and running, but I had to struggle in the beginning, too. So I kind of understand your frustration.
I’ve just had the same error message in Graylog’s server.log. I had stopped the ‘elasticsearch.service’ before, so that explained why it couldn’t connect.
Have you checked whether your elasticsearch.service is actually started? Can you create a telnet connection to localhost 9200?

Thank you for the reply, but it fails to work for me with the latest version.
I believe that the Linux repositories somewhere have something newer than it is supposed to be, and Graylog is not compatible and something fails.

With an older version it works fine; as soon as Graylog is updated to the latest version it fails, even with the old 6.8 Elasticsearch…

So it definitely has to do with a Linux repository library…

I think Graylog should review the latest Ubuntu installation procedure and update it accordingly to get it to work; as of July 2022 this instruction fails:
https://docs.graylog.org/docs/ubuntu

I hope someone can figure that instruction out and perhaps update here…

Thanks all