Can't delete test input in system/input

1. Describe your incident:

I can’t delete a created input from web interface using admin user, but get an error of user permissions

The permissions check for the following request failed,
while trying to access /system/inputs.
There was an error fetching a resource: Access Denied. Additional information: <HTML>
<TITLE>Access Denied</TITLE>

<BODY BGCOLOR="white" FGCOLOR="black">
<H1>Access Denied</H1>

<FONT FACE="Helvetica,Arial"><B>
Description: You are not allowed to access the document you requested.

2. Describe your environment:

  • OS Information:
    Debian GNU/Linux 12 (bookworm)

  • Package Version:
    graylog-server/stable,now 5.1.7-1 amd64
    opensearch/stable,now 2.11.0 amd64 [installed]
    mongodb-org/bullseye,now 6.0.11 amd64 [installed]
    apache2/stable,now 2.4.57-2 amd64 [installed]

  • Service logs, configurations, and environment variables:


is_leader = true
node_id_file = /etc/graylog/server/node-id
root_username = admin
bin_dir = /usr/share/graylog-server/bin
data_dir = /var/lib/graylog-server
plugin_dir = /usr/share/graylog-server/plugin
http_enable_gzip = true
http_max_header_size = 8192
http_thread_pool_size = 64
allow_leading_wildcard_searches = false
allow_highlighting = false
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
message_journal_max_size = 5gb
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://graylog:graylog@localhost/graylog
mongodb_max_connections = 1000

/etc/opensearch/opensearch.yml graylog ${HOSTNAME} /var/lib/opensearch
path.logs: /var/log/opensearch
discovery.type: single-node
action.auto_create_index: false true esnode.pem esnode-key.pem root-ca.pem false true esnode.pem esnode-key.pem root-ca.pem true true
  - CN=kirk,OU=client,O=client,L=test, C=de internal_opensearch true true ["all_access", "security_rest_api_access"] true [".plugins-ml-config", ".plugins-ml-connector", ".plugins-ml-model-group", ".plugins-ml-model", ".plugins-ml-task", ".plugins-ml-conversation-meta", ".plugins-ml-conversation-interactions", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".ql-datasources", ".opendistro-asynchronous-search-response*", ".replication-metadata-store", ".opensearch-knn-models", ".geospatial-ip2geo-data*"]
node.max_local_storage_nodes: 3


  dbPath: /var/lib/mongodb

  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

  port: 27017

  timeZoneInfo: /usr/share/zoneinfo






from access and error log of apache i got no particular info

3. What steps have you already taken to try and solve the problem?

Ive tried to investigate on apache, mongodb, opensearch and graylog logs but i cant figure out what i can try to do

4. How can the community help?

How can i delete the input?

Thank you all

How many graylog nodes do you have, is it just the one?

Can you try to delete via the api browser? /api/api-browser/

And if that fails can you post the response text? Can you check your server.log to see if there are any errors?

Yes, i have just one graylog node

I get on api browser from /api/api-browser/global/index.html because from /api/api-browser i get a login page where i cant login

This is the error if i try to delete from api browser

Response Body

Access Denied

Description: You are not allowed to access the document you requested.

Response Code
Response Headers
{"Cache-Control":"no-store","Connection":"keep-alive","Content-Language":"en","Content-Length":"249","Content-Type":"text/html","Date":"Fri, 27 Oct 2023 09:40:24 GMT"}

i found no errors on server.log

Can you try to login to your graylog cluster with your admin account and then navigate to the API browser page? It will reuse the same user session.

Yes, i log in on the cluster (http://graylogIP/) with admin account, then i go to System, then Nodes, then Cluster Global Api Browser and i get to te API browser page. From there i try to delete the input and then get the error

Update: i get this error also when i try to delete streams and inputs, but i can create them with no problem


I finally solved the problem by deactivating from the Internet settings of my client the use of an http proxy. Although it was explicit among the options not to use the proxy for local addresses, once it was disabled I was able to complete all operations

Thnak you

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.