Can't show input


(Kieulam141) #1

Hello guys,
I installed 1 graylog cluster with 2 node and used nginx to load balance for them.But when i log in graylog web interface, I can’t see anything in “Input Section”.
I received notification “There is a node without any running inputs. (triggered 21 minutes ago)
There is a node without any running inputs. This means that you are not receiving any messages from this node at this point in time. This is most probably an indication of an error or misconfiguration”.
Here is my fault:
http://prntscr.com/ejcs04


(Jochen) #2

You can create inputs on the System / Inputs page.


(Kieulam141) #3

I switched to System / Inputs page, but nothing display.


(Jochen) #4

Yes, because you need to create and start an input there.


(Kieulam141) #5

here is my system/input page


(Jochen) #6

Ah, I see.

How exactly did you install Graylog?
How exactly did you configure Graylog?
How exactly did you configure nginx?
Are there any error messages in the logs of your Graylog nodes or in the Developer console of your web browser?


(Kieulam141) #7

I think my fault is nginx configuration.Because, when I forward message directly to 1 graylog node, I can work with it permantly.
Here is my nginx configuration

upstream graylog-web-cluster {
server x.x.x.x:9000;
server x.x.x.x:9000;
}

server
{
listen 80;
listen 443 ssl http2;
server_name xxx;

location /
{
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL http://xxx/api;
proxy_pass http://graylog-web-cluster;
}
}


(Jochen) #8

Please answer all the questions.


(Kieulam141) #9

I install follow http://docs.graylog.org/en/2.2/pages/architecture.html#bigger-production-setup with 3 nodes elasticsearch + 2 node Graylog + 1 cluster mongodb + 1 nginx server for lb.
here is my graylog config file:
> is_master = true
> node_id_file = /etc/graylog/server/node-id
> password_secret = ***
> root_password_sha2 = ***
> root_email = “***”
> root_timezone = ***
> plugin_dir = /usr/share/graylog-server/plugin
> rest_listen_uri = http://***:9000/api/
> web_listen_uri = http://***:9000/
> #web_enable = false
> rotation_strategy = count
> elasticsearch_max_docs_per_index = 20000000
> elasticsearch_max_number_of_indices = 20
> retention_strategy = delete
> elasticsearch_shards = 3
> elasticsearch_replicas = 1
> elasticsearch_index_prefix = graylog
> allow_leading_wildcard_searches = false
> allow_highlighting = false
> elasticsearch_cluster_name = graylog
> elasticsearch_discovery_zen_ping_unicast_hosts = elas1:9300,elas2:9300,elas3:9300
> elasticsearch_network_host = ***
> elasticsearch_analyzer = standard
> output_batch_size = 500
> output_flush_interval = 1
> output_fault_count_threshold = 5
> output_fault_penalty_seconds = 30
> processbuffer_processors = 5
> outputbuffer_processors = 3
> processor_wait_strategy = blocking
> ring_size = 65536
> inputbuffer_ring_size = 65536
> inputbuffer_processors = 2
> inputbuffer_wait_strategy = blocking
> message_journal_enabled = true
> message_journal_dir = /var/lib/graylog-server/journal
> lb_recognition_period_seconds = 3
> lb_throttle_threshold_percentage = 95
> mongodb_uri = ***
> mongodb_max_connections = 1000
> mongodb_threads_allowed_to_block_multiplier = 5
> content_packs_dir = /usr/share/graylog-server/contentpacks

> content_packs_auto_load = grok-patterns.json

> proxied_requests_thread_pool_size = 32

(Jochen) #10

I’m sorry, but I’m unable to help you without the information I’ve requested.