Clean Install Graylog Version 5.2 Connection Refused on Browser

1. Describe your incident:
Installed Graylog version 5.2 as outlined in ubuntu_installation and cannot access the Web UI on my internet browser (e.g. Chrome, Edge) through local address 127.0.0.1:9000. I get ‘connection refused’. I am able to curl the UI with the credentials:

curl -u admin http://127.0.0.1:9000 Enter host password for user 'admin': <!doctype html><html lang="en"><head><meta charset="UTF-8"><title>Graylog Initial Setup</title><link rel="icon" href="favicon.png"><script defer="defer" src="preflight.74e26a862ceb019dbf49.js"></script></head><body><div id="app-root"/></body></html>

2. Describe your environment:

• OS Information: Ubuntu 22.04.4 LTS

• Package Version:
  ** graylog-server/stable 5.2.10-1 amd64
  ** MongoDB version 6.0.16
  ** Opensearch version 2.11.1

• Service logs, configurations, and environment variables:
  Service Log:

2024-08-11T14:20:10.701-04:00 INFO  [CmdLineTool] Loaded plugin: AWS plugins 5.2.10+c04b5a4 [org.graylog.aws.AWSPlugin]
2024-08-11T14:20:10.702-04:00 INFO  [CmdLineTool] Loaded plugin: Integrations 5.2.10+c04b5a4 [org.graylog.integrations.IntegrationsPlugin]
2024-08-11T14:20:10.702-04:00 INFO  [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 5.2.10+c04b5a4 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2024-08-11T14:20:10.703-04:00 INFO  [CmdLineTool] Loaded plugin: Elasticsearch 7 Support 5.2.10+c04b5a4 [org.graylog.storage.elasticsearch7.Elasticsearch7Plugin]
2024-08-11T14:20:10.703-04:00 INFO  [CmdLineTool] Loaded plugin: OpenSearch 2 Support 5.2.10+c04b5a4 [org.graylog.storage.opensearch2.OpenSearch2Plugin]
2024-08-11T14:20:10.714-04:00 INFO  [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx1g -XX:+UseG1GC -XX:-OmitStackTraceInFastThrow -Djdk.tls.acknowledgeCloseNotify=true -Dlog4j2.formatMsgNoLookups=true -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Dgraylog2.installation_source=deb
2024-08-11T14:20:10.828-04:00 INFO  [client] MongoClient with metadata {"driver": {"name": "mongo-java-driver|legacy", "version": "4.8.1"}, "os": {"type": "Linux", "name": "Linux", "architecture": "amd64", "version": "5.15.153.1-microsoft-standard-WSL2"}, "platform": "Java/Eclipse Adoptium/17.0.12+7"} created with settings MongoClientSettings{readPreference=primary, writeConcern=WriteConcern{w=null, wTimeout=null ms, journal=null}, retryWrites=true, retryReads=true, readConcern=ReadConcern{level=null}, credential=null, streamFactoryFactory=null, commandListeners=[], codecRegistry=ProvidersCodecRegistry{codecProviders=[ValueCodecProvider{}, BsonValueCodecProvider{}, DBRefCodecProvider{}, DBObjectCodecProvider{}, DocumentCodecProvider{}, CollectionCodecProvider{}, IterableCodecProvider{}, MapCodecProvider{}, GeoJsonCodecProvider{}, GridFSFileCodecProvider{}, Jsr310CodecProvider{}, JsonObjectCodecProvider{}, BsonCodecProvider{}, EnumCodecProvider{}, com.mongodb.Jep395RecordCodecProvider@761e788f]}, clusterSettings={hosts=[localhost:27017], srvServiceName=mongodb, mode=SINGLE, requiredClusterType=UNKNOWN, requiredReplicaSetName='null', serverSelector='null', clusterListeners='[]', serverSelectionTimeout='30000 ms', localThreshold='30000 ms'}, socketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=0, receiveBufferSize=0, sendBufferSize=0}, heartbeatSocketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=10000, receiveBufferSize=0, sendBufferSize=0}, connectionPoolSettings=ConnectionPoolSettings{maxSize=1000, minSize=0, maxWaitTimeMS=120000, maxConnectionLifeTimeMS=0, maxConnectionIdleTimeMS=0, maintenanceInitialDelayMS=0, maintenanceFrequencyMS=60000, connectionPoolListeners=[], maxConnecting=2}, serverSettings=ServerSettings{heartbeatFrequencyMS=10000, minHeartbeatFrequencyMS=500, serverListeners='[]', serverMonitorListeners='[]'}, sslSettings=SslSettings{enabled=false, invalidHostNameAllowed=false, context=null}, applicationName='null', compressorList=[], uuidRepresentation=UNSPECIFIED, serverApi=null, autoEncryptionSettings=null, contextProvider=null}
2024-08-11T14:20:10.830-04:00 INFO  [client] MongoClient with metadata {"driver": {"name": "mongo-java-driver|legacy", "version": "4.8.1"}, "os": {"type": "Linux", "name": "Linux", "architecture": "amd64", "version": "5.15.153.1-microsoft-standard-WSL2"}, "platform": "Java/Eclipse Adoptium/17.0.12+7"} created with settings MongoClientSettings{readPreference=primary, writeConcern=WriteConcern{w=null, wTimeout=null ms, journal=null}, retryWrites=true, retryReads=true, readConcern=ReadConcern{level=null}, credential=null, streamFactoryFactory=null, commandListeners=[], codecRegistry=ProvidersCodecRegistry{codecProviders=[ValueCodecProvider{}, BsonValueCodecProvider{}, DBRefCodecProvider{}, DBObjectCodecProvider{}, DocumentCodecProvider{}, CollectionCodecProvider{}, IterableCodecProvider{}, MapCodecProvider{}, GeoJsonCodecProvider{}, GridFSFileCodecProvider{}, Jsr310CodecProvider{}, JsonObjectCodecProvider{}, BsonCodecProvider{}, EnumCodecProvider{}, com.mongodb.Jep395RecordCodecProvider@761e788f]}, clusterSettings={hosts=[localhost:27017], srvServiceName=mongodb, mode=SINGLE, requiredClusterType=UNKNOWN, requiredReplicaSetName='null', serverSelector='null', clusterListeners='[]', serverSelectionTimeout='30000 ms', localThreshold='30000 ms'}, socketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=0, receiveBufferSize=0, sendBufferSize=0}, heartbeatSocketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=10000, receiveBufferSize=0, sendBufferSize=0}, connectionPoolSettings=ConnectionPoolSettings{maxSize=1000, minSize=0, maxWaitTimeMS=120000, maxConnectionLifeTimeMS=0, maxConnectionIdleTimeMS=0, maintenanceInitialDelayMS=0, maintenanceFrequencyMS=60000, connectionPoolListeners=[], maxConnecting=2}, serverSettings=ServerSettings{heartbeatFrequencyMS=10000, minHeartbeatFrequencyMS=500, serverListeners='[]', serverMonitorListeners='[]'}, sslSettings=SslSettings{enabled=false, invalidHostNameAllowed=false, context=null}, applicationName='null', compressorList=[], uuidRepresentation=UNSPECIFIED, serverApi=null, autoEncryptionSettings=null, contextProvider=null}
2024-08-11T14:20:10.842-04:00 INFO  [cluster] Cluster description not yet available. Waiting for 30000 ms before timing out
2024-08-11T14:20:10.849-04:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, minWireVersion=0, maxWireVersion=17, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=17113623}
2024-08-11T14:20:10.907-04:00 INFO  [MongoDBPreflightCheck] Connected to MongoDB version 6.0.16
2024-08-11T14:20:11.222-04:00 INFO  [client] MongoClient with metadata {"driver": {"name": "mongo-java-driver|legacy", "version": "4.8.1"}, "os": {"type": "Linux", "name": "Linux", "architecture": "amd64", "version": "5.15.153.1-microsoft-standard-WSL2"}, "platform": "Java/Eclipse Adoptium/17.0.12+7"} created with settings MongoClientSettings{readPreference=primary, writeConcern=WriteConcern{w=null, wTimeout=null ms, journal=null}, retryWrites=true, retryReads=true, readConcern=ReadConcern{level=null}, credential=null, streamFactoryFactory=null, commandListeners=[], codecRegistry=ProvidersCodecRegistry{codecProviders=[ValueCodecProvider{}, BsonValueCodecProvider{}, DBRefCodecProvider{}, DBObjectCodecProvider{}, DocumentCodecProvider{}, CollectionCodecProvider{}, IterableCodecProvider{}, MapCodecProvider{}, GeoJsonCodecProvider{}, GridFSFileCodecProvider{}, Jsr310CodecProvider{}, JsonObjectCodecProvider{}, BsonCodecProvider{}, EnumCodecProvider{}, com.mongodb.Jep395RecordCodecProvider@761e788f]}, clusterSettings={hosts=[localhost:27017], srvServiceName=mongodb, mode=SINGLE, requiredClusterType=UNKNOWN, requiredReplicaSetName='null', serverSelector='null', clusterListeners='[]', serverSelectionTimeout='30000 ms', localThreshold='30000 ms'}, socketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=0, receiveBufferSize=0, sendBufferSize=0}, heartbeatSocketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=10000, receiveBufferSize=0, sendBufferSize=0}, connectionPoolSettings=ConnectionPoolSettings{maxSize=1000, minSize=0, maxWaitTimeMS=120000, maxConnectionLifeTimeMS=0, maxConnectionIdleTimeMS=0, maintenanceInitialDelayMS=0, maintenanceFrequencyMS=60000, connectionPoolListeners=[], maxConnecting=2}, serverSettings=ServerSettings{heartbeatFrequencyMS=10000, minHeartbeatFrequencyMS=500, serverListeners='[]', serverMonitorListeners='[]'}, sslSettings=SslSettings{enabled=false, invalidHostNameAllowed=false, context=null}, applicationName='null', compressorList=[], uuidRepresentation=UNSPECIFIED, serverApi=null, autoEncryptionSettings=null, contextProvider=null}
2024-08-11T14:20:11.222-04:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, minWireVersion=0, maxWireVersion=17, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=1161222}
2024-08-11T14:20:11.223-04:00 INFO  [client] MongoClient with metadata {"driver": {"name": "mongo-java-driver|legacy", "version": "4.8.1"}, "os": {"type": "Linux", "name": "Linux", "architecture": "amd64", "version": "5.15.153.1-microsoft-standard-WSL2"}, "platform": "Java/Eclipse Adoptium/17.0.12+7"} created with settings MongoClientSettings{readPreference=primary, writeConcern=WriteConcern{w=null, wTimeout=null ms, journal=null}, retryWrites=true, retryReads=true, readConcern=ReadConcern{level=null}, credential=null, streamFactoryFactory=null, commandListeners=[], codecRegistry=ProvidersCodecRegistry{codecProviders=[ValueCodecProvider{}, BsonValueCodecProvider{}, DBRefCodecProvider{}, DBObjectCodecProvider{}, DocumentCodecProvider{}, CollectionCodecProvider{}, IterableCodecProvider{}, MapCodecProvider{}, GeoJsonCodecProvider{}, GridFSFileCodecProvider{}, Jsr310CodecProvider{}, JsonObjectCodecProvider{}, BsonCodecProvider{}, EnumCodecProvider{}, com.mongodb.Jep395RecordCodecProvider@761e788f]}, clusterSettings={hosts=[localhost:27017], srvServiceName=mongodb, mode=SINGLE, requiredClusterType=UNKNOWN, requiredReplicaSetName='null', serverSelector='null', clusterListeners='[]', serverSelectionTimeout='30000 ms', localThreshold='30000 ms'}, socketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=0, receiveBufferSize=0, sendBufferSize=0}, heartbeatSocketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=10000, receiveBufferSize=0, sendBufferSize=0}, connectionPoolSettings=ConnectionPoolSettings{maxSize=1000, minSize=0, maxWaitTimeMS=120000, maxConnectionLifeTimeMS=0, maxConnectionIdleTimeMS=0, maintenanceInitialDelayMS=0, maintenanceFrequencyMS=60000, connectionPoolListeners=[], maxConnecting=2}, serverSettings=ServerSettings{heartbeatFrequencyMS=10000, minHeartbeatFrequencyMS=500, serverListeners='[]', serverMonitorListeners='[]'}, sslSettings=SslSettings{enabled=false, invalidHostNameAllowed=false, context=null}, applicationName='null', compressorList=[], uuidRepresentation=UNSPECIFIED, serverApi=null, autoEncryptionSettings=null, contextProvider=null}
2024-08-11T14:20:11.231-04:00 INFO  [IndexerDiscoveryProvider] No indexer hosts configured, using fallback http://127.0.0.1:9200
2024-08-11T14:20:11.358-04:00 INFO  [FilePersistedNodeIdProvider] Node ID: 42da9f4a-bbe7-4ec9-8262-4f961704c5d3
2024-08-11T14:20:11.505-04:00 INFO  [ServerBootstrap] Fresh installation detected, starting configuration webserver
2024-08-11T14:20:11.506-04:00 INFO  [ServerBootstrap] Running 1 migrations...
2024-08-11T14:20:11.528-04:00 INFO  [PeriodicalsService] Starting 3 periodicals ...
2024-08-11T14:20:11.529-04:00 INFO  [Periodicals] Starting [org.graylog2.bootstrap.preflight.GraylogCertificateProvisioningPeriodical] periodical in [2s], polling every [2s].
2024-08-11T14:20:11.530-04:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling every [1s].
2024-08-11T14:20:11.531-04:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s], polling every [86400s].
2024-08-11T14:20:11.837-04:00 INFO  [Version] HV000001: Hibernate Validator null
2024-08-11T14:20:12.017-04:00 INFO  [NetworkListener] Started listener bound to [0.0.0.0:9000]
2024-08-11T14:20:12.018-04:00 INFO  [HttpServer] [HttpServer] Started.
2024-08-11T14:20:12.021-04:00 INFO  [PreflightJerseyService]
                                                             ---
                                                             ---
                                                             ---
    ########  ###   ######### ##########   ####         #### ---         .----               ----
  ###############   ###################### #####       ####  ---      ------------       .----------- --
 #####     ######   #####              #### ####      ####   ---     ---        ---     ---        -----
####         ####   ####       ############  ####     ####   ---    --           ---   ---           ---
###           ###   ####     ##############   ####   ####    ---   ---            --   --             --
####         ####   ####    ####       ####    #### ####     ---   ---            --   --            .--
#####       #####   ####    ####       ####     #######      ---    ---          ---   ---           ---
 ################   ####     ##############     ######-       --     ----      ----      ---       -----
   ##############   ####      #############      #####        -----   -----------         ----------  --
             ####                                ####                                                ---
#####       ####                                ####                                     -          .--
  #############                                ####                                     -----     ----
     ######                                   ####                                          -------

========================================================================================================

It seems you are starting Graylog for the first time. To set up a fresh install, a setup interface has
been started. You must log in to it to perform the initial configuration and continue.

Initial configuration is accessible at 0.0.0.0:9000, with username '<username>' and password '<password>'.
Try clicking on http://<username>:<password>@0.0.0.0:9000

========================================================================================================

Server Configuration (truncated for space) - I only updated what was called out in the installation instructions.

# GRAYLOG CONFIGURATION FILE
############################
#
# This is the Graylog configuration file. The file has to use ISO 8859-1/Latin-1 character encoding.
# Characters that cannot be directly represented in this encoding can be written using Unicode escapes
# as defined in https://docs.oracle.com/javase/specs/jls/se8/html/jls-3.html#jls-3.3, using the \u prefix.
# For example, \u002c.
#
# * Entries are generally expected to be a single line of the form, one of the following:
#
# propertyName=propertyValue
# propertyName:propertyValue
#
# * White space that appears between the property name and property value is ignored,
#   so the following are equivalent:
#
# name=Stephen
# name = Stephen
#
# * White space at the beginning of the line is also ignored.
#
# * Lines that start with the comment characters ! or # are ignored. Blank lines are also ignored.
#
# * The property value is generally terminated by the end of the line. White space following the
#   property value is not ignored, and is treated as part of the property value.
#
# * A property value can span several lines if each line is terminated by a backslash (‘\’) character.
#   For example:
#
# targetCities=\
#         Detroit,\
#         Chicago,\
#         Los Angeles
#
#   This is equivalent to targetCities=Detroit,Chicago,Los Angeles (white space at the beginning of lines is ignored).
#
# * The characters newline, carriage return, and tab can be inserted with characters \n, \r, and \t, respectively.
#
# * The backslash character must be escaped as a double backslash. For example:
#
# path=c:\\docs\\doc1
#

# If you are running more than one instances of Graylog server you have to select one of these
# instances as leader. The leader will perform some periodical tasks that non-leaders won't perform.
is_leader = true

# The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
# to use an absolute file path here if you are starting Graylog server from init scripts or similar.
node_id_file = /etc/graylog/server/node-id

# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
# Generate one by using for example: pwgen -N 1 -s 96
# ATTENTION: This value must be the same on all Graylog nodes in the cluster.
# Changing this value after installation will render all user sessions and encrypted values in the database invalid. (e.g. encrypted access tokens)
password_secret = <password_secret>

# The default root user is named 'admin'
#root_username = admin

# You MUST specify a hash password for the root user (which you only need to initially set up the
# system and in case you lose connectivity to your authentication backend)
# This password cannot be changed using the API or via the web interface. If you need to change it,
# modify it in this file.
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
root_password_sha2 = <root_password_sha2>

# The email address of the root user.
# Default is empty
#root_email = ""

# The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
# Default is UTC
#root_timezone = UTC

# Set the bin directory here (relative or absolute)
# This directory contains binaries that are used by the Graylog server.
# Default: bin
bin_dir = /usr/share/graylog-server/bin

# Set the data directory here (relative or absolute)
# This directory is used to store Graylog server state.
# Default: data
data_dir = /var/lib/graylog-server

# Set plugin directory here (relative or absolute)
plugin_dir = /usr/share/graylog-server/plugin

###############
# HTTP settings
###############

#### HTTP bind address
#
# The network interface used by the Graylog HTTP interface.
#
# This network interface must be accessible by all Graylog nodes in the cluster and by all clients
# using the Graylog web interface.
#
# If the port is omitted, Graylog will use port 9000 by default.
#
# Default: 127.0.0.1:9000
http_bind_address = 0.0.0.0:9000
#http_bind_address = [2001:db8::1]:9000

#### HTTP publish URI
#
# The HTTP URI of this Graylog node which is used to communicate with the other Graylog nodes in the cluster and by all
# clients using the Graylog web interface.
#
# The URI will be published in the cluster discovery APIs, so that other Graylog nodes will be able to find and connect to this Graylog node.
#
# This configuration setting has to be used if this Graylog node is available on another network interface than $http_bind_address,
# for example if the machine has multiple network interfaces or is behind a NAT gateway.
#
# If $http_bind_address contains a wildcard IPv4 address (0.0.0.0), the first non-loopback IPv4 address of this machine will be used.
# This configuration setting *must not* contain a wildcard address!
#
# Default: http://$http_bind_address/
#http_publish_uri = http://192.168.1.1:9000/

#### External Graylog URI
#
# The public URI of Graylog which will be used by the Graylog web interface to communicate with the Graylog REST API.
#
# The external Graylog URI usually has to be specified, if Graylog is running behind a reverse proxy or load-balancer
# and it will be used to generate URLs addressing entities in the Graylog REST API (see $http_bind_address).
#
# When using Graylog Collector, this URI will be used to receive heartbeat messages and must be accessible for all collectors.
#
# This setting can be overridden on a per-request basis with the "X-Graylog-Server-URL" HTTP request header.
#
# Default: $http_publish_uri
#http_external_uri =

#### Enable CORS headers for HTTP interface
#
# This allows browsers to make Cross-Origin requests from any origin.
# This is disabled for security reasons and typically only needed if running graylog
# with a separate server for frontend development.
#
# Default: false
#http_enable_cors = false
......
# Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only
# be enabled with care. See also: https://docs.graylog.org/docs/query-language
allow_leading_wildcard_searches = false

# Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and
# should only be enabled after making sure your Elasticsearch cluster has enough memory.
allow_highlighting = false

# Sets field value suggestion mode. The possible values are:
#  1. "off" - field value suggestions are turned off
#  2. "textual_only" - field values are suggested only for textual fields
#  3. "on" (default) - field values are suggested for all field types, even the types where suggestions are inefficient performance-wise
field_value_suggestion_mode = on
.....
# MongoDB connection string
# See https://docs.mongodb.com/manual/reference/connection-string/ for details
mongodb_uri = mongodb://localhost/graylog

# Authenticate against the MongoDB server
# '+'-signs in the username or password need to be replaced by '%2B'
#mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog

# Use a replica set instead of a single host
#mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog?replicaSet=rs01

# DNS Seedlist https://docs.mongodb.com/manual/reference/connection-string/#dns-seedlist-connection-format
#mongodb_uri = mongodb+srv://server.example.org/graylog

# Increase this value according to the maximum connections your MongoDB server can handle from a single client
# if you encounter MongoDB connection problems.
mongodb_max_connections = 1000

# Maximum number of attempts to connect to MongoDB on boot for the version probe.
#
# Default: 0, retry indefinitely until a connection can be established
#mongodb_version_probe_attempts = 5

3. What steps have you already taken totry and solve the problem?

*I have tried changing http_bind_address to 127.0.0.1:9000, but that did not work.

• I have made sure MongoDB is running and it is:

● mongod.service - MongoDB Database Server
     Loaded: loaded (/lib/systemd/system/mongod.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2024-08-11 14:48:27 EDT; 1min 45s ago
       Docs: https://docs.mongodb.org/manual
   Main PID: 464882 (mongod)
     Memory: 181.4M
     CGroup: /system.slice/mongod.service
             └─464882 /usr/bin/mongod --config /etc/mongod.conf

Aug 11 14:48:27 <username> systemd[1]: Started MongoDB Database Server.
Aug 11 14:48:27 <username> mongod[464882]: {"t":{"$date":"2024-08-11T18:48:27.363Z"},"s":"I",  "c":"CONTROL",  "id":7484500

• I have made sure Opensearch is running and it is:

{
  "name" : "<name>",
  "cluster_name" : "graylog",
  "cluster_uuid" : "wducSYyVQAi1Msvepto4rg",
  "version" : {
    "distribution" : "opensearch",
    "number" : "2.11.1",
    "build_type" : "deb",
    "build_hash" : "6b1986e964d440be9137eba1413015c31c5a7752",
    "build_date" : "2023-11-29T21:43:44.221253956Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

• I tried installing a newer version of Opensearch (e.g. 2.12), but I was getting a JVM error:

Aug 10 19:52:05 systemd-entrypoint[216646]: output:
Aug 10 19:52:05 systemd-entrypoint[216646]: [0.000s][error][logging] Error opening log file '/var/log/opensearch/gc.log': Permission denied
Aug 10 19:52:05 systemd-entrypoint[216646]: [0.000s][error][logging] Initialization of output 'file=/var/log/opensearch/gc.log' using options 'filecount=32,filesize=64m' failed.
Aug 10 19:52:05 systemd-entrypoint[216646]: error:
Aug 10 19:52:05 systemd-entrypoint[216646]: Invalid -Xlog option '-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/opensearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m', see error log for details.
Aug 10 19:52:05 systemd-entrypoint[216646]: Error: Could not create the Java Virtual Machine.
``` This is why I reverted to version 2.11.1. 

* I tried installing Graylog version 6, but get same 'connection refused'.



**4. How can the community help?**
Identify if there are changes needed in the server configuration and help me please.






**Helpful Posting Tips:**  https://community.graylog.org/t/tips-for-posting-questions-that-get-answers/21828  [Hold down CTRL and link on link to open tips documents in a separate tab]

I think you are are missing the setting in your server.conf

elasticsearch_hosts = https://node1:9200

So it’s putting you into preflight mode whoch has all kind of weirdness, if you add that in with the proper address then restart everything you should get to the correct loging page.

Hi, thank you for the reply.

I updated the setting to elasticsearch_hosts = http://0.0.0.0:9200 (from its default) and now my log looks like this:

2024-08-11T23:34:55.276-04:00 INFO  [CmdLineTool] Loaded plugin: AWS plugins 5.2.10+c04b5a4 [org.graylog.aws.AWSPlugin]
2024-08-11T23:34:55.277-04:00 INFO  [CmdLineTool] Loaded plugin: Integrations 5.2.10+c04b5a4 [org.graylog.integrations.IntegrationsPlugin]
2024-08-11T23:34:55.277-04:00 INFO  [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 5.2.10+c04b5a4 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2024-08-11T23:34:55.278-04:00 INFO  [CmdLineTool] Loaded plugin: Elasticsearch 7 Support 5.2.10+c04b5a4 [org.graylog.storage.elasticsearch7.Elasticsearch7Plugin]
2024-08-11T23:34:55.278-04:00 INFO  [CmdLineTool] Loaded plugin: OpenSearch 2 Support 5.2.10+c04b5a4 [org.graylog.storage.opensearch2.OpenSearch2Plugin]
2024-08-11T23:34:55.305-04:00 INFO  [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx1g -XX:+UseG1GC -XX:-OmitStackTraceInFastThrow -Djdk.tls.acknowledgeCloseNotify=true -Dlog4j2.formatMsgNoLookups=true -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Dgraylog2.installation_source=deb
2024-08-11T23:34:55.528-04:00 INFO  [client] MongoClient with metadata {"driver": {"name": "mongo-java-driver|legacy", "version": "4.8.1"}, "os": {"type": "Linux", "name": "Linux", "architecture": "amd64", "version": "5.15.153.1-microsoft-standard-WSL2"}, "platform": "Java/Eclipse Adoptium/17.0.12+7"} created with settings MongoClientSettings{readPreference=primary, writeConcern=WriteConcern{w=null, wTimeout=null ms, journal=null}, retryWrites=true, retryReads=true, readConcern=ReadConcern{level=null}, credential=null, streamFactoryFactory=null, commandListeners=[], codecRegistry=ProvidersCodecRegistry{codecProviders=[ValueCodecProvider{}, BsonValueCodecProvider{}, DBRefCodecProvider{}, DBObjectCodecProvider{}, DocumentCodecProvider{}, CollectionCodecProvider{}, IterableCodecProvider{}, MapCodecProvider{}, GeoJsonCodecProvider{}, GridFSFileCodecProvider{}, Jsr310CodecProvider{}, JsonObjectCodecProvider{}, BsonCodecProvider{}, EnumCodecProvider{}, com.mongodb.Jep395RecordCodecProvider@1b1f5012]}, clusterSettings={hosts=[localhost:27017], srvServiceName=mongodb, mode=SINGLE, requiredClusterType=UNKNOWN, requiredReplicaSetName='null', serverSelector='null', clusterListeners='[]', serverSelectionTimeout='30000 ms', localThreshold='30000 ms'}, socketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=0, receiveBufferSize=0, sendBufferSize=0}, heartbeatSocketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=10000, receiveBufferSize=0, sendBufferSize=0}, connectionPoolSettings=ConnectionPoolSettings{maxSize=1000, minSize=0, maxWaitTimeMS=120000, maxConnectionLifeTimeMS=0, maxConnectionIdleTimeMS=0, maintenanceInitialDelayMS=0, maintenanceFrequencyMS=60000, connectionPoolListeners=[], maxConnecting=2}, serverSettings=ServerSettings{heartbeatFrequencyMS=10000, minHeartbeatFrequencyMS=500, serverListeners='[]', serverMonitorListeners='[]'}, sslSettings=SslSettings{enabled=false, invalidHostNameAllowed=false, context=null}, applicationName='null', compressorList=[], uuidRepresentation=UNSPECIFIED, serverApi=null, autoEncryptionSettings=null, contextProvider=null}
2024-08-11T23:34:55.530-04:00 INFO  [client] MongoClient with metadata {"driver": {"name": "mongo-java-driver|legacy", "version": "4.8.1"}, "os": {"type": "Linux", "name": "Linux", "architecture": "amd64", "version": "5.15.153.1-microsoft-standard-WSL2"}, "platform": "Java/Eclipse Adoptium/17.0.12+7"} created with settings MongoClientSettings{readPreference=primary, writeConcern=WriteConcern{w=null, wTimeout=null ms, journal=null}, retryWrites=true, retryReads=true, readConcern=ReadConcern{level=null}, credential=null, streamFactoryFactory=null, commandListeners=[], codecRegistry=ProvidersCodecRegistry{codecProviders=[ValueCodecProvider{}, BsonValueCodecProvider{}, DBRefCodecProvider{}, DBObjectCodecProvider{}, DocumentCodecProvider{}, CollectionCodecProvider{}, IterableCodecProvider{}, MapCodecProvider{}, GeoJsonCodecProvider{}, GridFSFileCodecProvider{}, Jsr310CodecProvider{}, JsonObjectCodecProvider{}, BsonCodecProvider{}, EnumCodecProvider{}, com.mongodb.Jep395RecordCodecProvider@1b1f5012]}, clusterSettings={hosts=[localhost:27017], srvServiceName=mongodb, mode=SINGLE, requiredClusterType=UNKNOWN, requiredReplicaSetName='null', serverSelector='null', clusterListeners='[]', serverSelectionTimeout='30000 ms', localThreshold='30000 ms'}, socketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=0, receiveBufferSize=0, sendBufferSize=0}, heartbeatSocketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=10000, receiveBufferSize=0, sendBufferSize=0}, connectionPoolSettings=ConnectionPoolSettings{maxSize=1000, minSize=0, maxWaitTimeMS=120000, maxConnectionLifeTimeMS=0, maxConnectionIdleTimeMS=0, maintenanceInitialDelayMS=0, maintenanceFrequencyMS=60000, connectionPoolListeners=[], maxConnecting=2}, serverSettings=ServerSettings{heartbeatFrequencyMS=10000, minHeartbeatFrequencyMS=500, serverListeners='[]', serverMonitorListeners='[]'}, sslSettings=SslSettings{enabled=false, invalidHostNameAllowed=false, context=null}, applicationName='null', compressorList=[], uuidRepresentation=UNSPECIFIED, serverApi=null, autoEncryptionSettings=null, contextProvider=null}
2024-08-11T23:34:55.546-04:00 INFO  [cluster] Cluster description not yet available. Waiting for 30000 ms before timing out
2024-08-11T23:34:55.554-04:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, minWireVersion=0, maxWireVersion=17, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=20786676}
2024-08-11T23:34:55.634-04:00 INFO  [MongoDBPreflightCheck] Connected to MongoDB version 6.0.16
2024-08-11T23:34:56.113-04:00 INFO  [client] MongoClient with metadata {"driver": {"name": "mongo-java-driver|legacy", "version": "4.8.1"}, "os": {"type": "Linux", "name": "Linux", "architecture": "amd64", "version": "5.15.153.1-microsoft-standard-WSL2"}, "platform": "Java/Eclipse Adoptium/17.0.12+7"} created with settings MongoClientSettings{readPreference=primary, writeConcern=WriteConcern{w=null, wTimeout=null ms, journal=null}, retryWrites=true, retryReads=true, readConcern=ReadConcern{level=null}, credential=null, streamFactoryFactory=null, commandListeners=[], codecRegistry=ProvidersCodecRegistry{codecProviders=[ValueCodecProvider{}, BsonValueCodecProvider{}, DBRefCodecProvider{}, DBObjectCodecProvider{}, DocumentCodecProvider{}, CollectionCodecProvider{}, IterableCodecProvider{}, MapCodecProvider{}, GeoJsonCodecProvider{}, GridFSFileCodecProvider{}, Jsr310CodecProvider{}, JsonObjectCodecProvider{}, BsonCodecProvider{}, EnumCodecProvider{}, com.mongodb.Jep395RecordCodecProvider@1b1f5012]}, clusterSettings={hosts=[localhost:27017], srvServiceName=mongodb, mode=SINGLE, requiredClusterType=UNKNOWN, requiredReplicaSetName='null', serverSelector='null', clusterListeners='[]', serverSelectionTimeout='30000 ms', localThreshold='30000 ms'}, socketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=0, receiveBufferSize=0, sendBufferSize=0}, heartbeatSocketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=10000, receiveBufferSize=0, sendBufferSize=0}, connectionPoolSettings=ConnectionPoolSettings{maxSize=1000, minSize=0, maxWaitTimeMS=120000, maxConnectionLifeTimeMS=0, maxConnectionIdleTimeMS=0, maintenanceInitialDelayMS=0, maintenanceFrequencyMS=60000, connectionPoolListeners=[], maxConnecting=2}, serverSettings=ServerSettings{heartbeatFrequencyMS=10000, minHeartbeatFrequencyMS=500, serverListeners='[]', serverMonitorListeners='[]'}, sslSettings=SslSettings{enabled=false, invalidHostNameAllowed=false, context=null}, applicationName='null', compressorList=[], uuidRepresentation=UNSPECIFIED, serverApi=null, autoEncryptionSettings=null, contextProvider=null}
2024-08-11T23:34:56.113-04:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, minWireVersion=0, maxWireVersion=17, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=1176026}
2024-08-11T23:34:56.114-04:00 INFO  [client] MongoClient with metadata {"driver": {"name": "mongo-java-driver|legacy", "version": "4.8.1"}, "os": {"type": "Linux", "name": "Linux", "architecture": "amd64", "version": "5.15.153.1-microsoft-standard-WSL2"}, "platform": "Java/Eclipse Adoptium/17.0.12+7"} created with settings MongoClientSettings{readPreference=primary, writeConcern=WriteConcern{w=null, wTimeout=null ms, journal=null}, retryWrites=true, retryReads=true, readConcern=ReadConcern{level=null}, credential=null, streamFactoryFactory=null, commandListeners=[], codecRegistry=ProvidersCodecRegistry{codecProviders=[ValueCodecProvider{}, BsonValueCodecProvider{}, DBRefCodecProvider{}, DBObjectCodecProvider{}, DocumentCodecProvider{}, CollectionCodecProvider{}, IterableCodecProvider{}, MapCodecProvider{}, GeoJsonCodecProvider{}, GridFSFileCodecProvider{}, Jsr310CodecProvider{}, JsonObjectCodecProvider{}, BsonCodecProvider{}, EnumCodecProvider{}, com.mongodb.Jep395RecordCodecProvider@1b1f5012]}, clusterSettings={hosts=[localhost:27017], srvServiceName=mongodb, mode=SINGLE, requiredClusterType=UNKNOWN, requiredReplicaSetName='null', serverSelector='null', clusterListeners='[]', serverSelectionTimeout='30000 ms', localThreshold='30000 ms'}, socketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=0, receiveBufferSize=0, sendBufferSize=0}, heartbeatSocketSettings=SocketSettings{connectTimeoutMS=10000, readTimeoutMS=10000, receiveBufferSize=0, sendBufferSize=0}, connectionPoolSettings=ConnectionPoolSettings{maxSize=1000, minSize=0, maxWaitTimeMS=120000, maxConnectionLifeTimeMS=0, maxConnectionIdleTimeMS=0, maintenanceInitialDelayMS=0, maintenanceFrequencyMS=60000, connectionPoolListeners=[], maxConnecting=2}, serverSettings=ServerSettings{heartbeatFrequencyMS=10000, minHeartbeatFrequencyMS=500, serverListeners='[]', serverMonitorListeners='[]'}, sslSettings=SslSettings{enabled=false, invalidHostNameAllowed=false, context=null}, applicationName='null', compressorList=[], uuidRepresentation=UNSPECIFIED, serverApi=null, autoEncryptionSettings=null, contextProvider=null}
2024-08-11T23:34:56.355-04:00 INFO  [FilePersistedNodeIdProvider] Node ID: 42da9f4a-bbe7-4ec9-8262-4f961704c5d3
2024-08-11T23:34:56.642-04:00 INFO  [FilePersistedNodeIdProvider] Node ID: 42da9f4a-bbe7-4ec9-8262-4f961704c5d3
2024-08-11T23:34:56.773-04:00 INFO  [SearchDbPreflightCheck] Connected to (Elastic/Open)Search version <OpenSearch:2.11.1>
2024-08-11T23:34:56.967-04:00 INFO  [Version] HV000001: Hibernate Validator null
2024-08-11T23:34:59.422-04:00 INFO  [InputBufferImpl] Message journal is enabled.
2024-08-11T23:34:59.424-04:00 INFO  [FilePersistedNodeIdProvider] Node ID: 42da9f4a-bbe7-4ec9-8262-4f961704c5d3
2024-08-11T23:34:59.608-04:00 INFO  [LogManager] Loading logs.
2024-08-11T23:34:59.653-04:00 INFO  [LogManager] Logs loading complete.
2024-08-11T23:34:59.655-04:00 INFO  [LocalKafkaJournal] Initialized Kafka based journal at /var/lib/graylog-server/journal
2024-08-11T23:34:59.720-04:00 INFO  [InputBufferImpl] Initialized InputBufferImpl with ring size <65536> and wait strategy <BlockingWaitStrategy>, running 2 parallel message handlers.
2024-08-11T23:34:59.877-04:00 INFO  [RoleServiceImpl] Admin role is missing or invalid, re-adding it as a built-in role.
2024-08-11T23:34:59.928-04:00 INFO  [RoleServiceImpl] Reader role is missing or invalid, re-adding it as a built-in role.
2024-08-11T23:35:01.479-04:00 INFO  [ElasticsearchVersionProvider] Elasticsearch cluster is running OpenSearch:2.11.1
2024-08-11T23:35:01.722-04:00 INFO  [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2024-08-11T23:35:01.758-04:00 INFO  [OutputBuffer] Initialized OutputBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2024-08-11T23:35:03.470-04:00 INFO  [DbEntitiesScanner] 13 entities have been scanned and added to DB Entity Catalog, it took 1.122 s
2024-08-11T23:35:04.173-04:00 INFO  [ServerBootstrap] Graylog server 5.2.10+c04b5a4 starting up
2024-08-11T23:35:04.173-04:00 INFO  [ServerBootstrap] JRE: Eclipse Adoptium 17.0.12 on Linux 5.15.153.1-microsoft-standard-WSL2
2024-08-11T23:35:04.174-04:00 INFO  [ServerBootstrap] Deployment: deb
2024-08-11T23:35:04.174-04:00 INFO  [ServerBootstrap] OS: Ubuntu 22.04.4 LTS (jammy)
2024-08-11T23:35:04.174-04:00 INFO  [ServerBootstrap] Arch: amd64
2024-08-11T23:35:04.302-04:00 INFO  [ServerBootstrap] Running 67 migrations...
2024-08-11T23:35:04.438-04:00 INFO  [V20151210140600_AddSearchesClusterConfigMigration] Creating searches cluster config: SearchesClusterConfig{quickAccessTimerangePresets=[], queryTimeRangeLimit=PT0S, relativeTimerangeOptions={PT5M=5 minutes, PT15M=15 minutes, PT30M=30 minutes, PT1H=1 hour, PT2H=2 hours, PT8H=8 hours, P1D=1 day, P2D=2 days, P5D=5 days, P7D=7 days, P14D=14 days, P30D=30 days, PT0S=all messages}, surroundingTimerangeOptions={PT1S=1 second, PT5S=5 seconds, PT10S=10 seconds, PT30S=30 seconds, PT1M=1 minute, PT5M=5 minutes}, surroundingFilterFields=[source, gl2_source_input, file, source_file], analysisDisabledFields=[message, full_message], autoRefreshTimerangeOptions={PT1S=1 second, PT2S=2 second, PT5S=5 seconds, PT10S=10 seconds, PT30S=30 seconds, PT1M=1 minute, PT5M=5 minutes}, defaultAutoRefreshOption=PT5S}
2024-08-11T23:35:04.597-04:00 INFO  [V20161116172200_CreateDefaultStreamMigration] Successfully created default stream: Default Stream
2024-08-11T23:35:04.849-04:00 INFO  [V20180212165000_AddDefaultCollectors] 'graylog_host' sidecar configuration variable is missing, adding it.
2024-08-11T23:35:04.856-04:00 INFO  [V20180212165000_AddDefaultCollectors] filebeat collector on linux is missing, adding it.
2024-08-11T23:35:04.884-04:00 INFO  [V20180212165000_AddDefaultCollectors] 'filebeat-linux-default' sidecar default configuration is missing, adding it.
2024-08-11T23:35:04.906-04:00 INFO  [V20180212165000_AddDefaultCollectors] filebeat collector on freebsd is missing, adding it.
2024-08-11T23:35:04.908-04:00 INFO  [V20180212165000_AddDefaultCollectors] 'filebeat-freebsd-default' sidecar default configuration is missing, adding it.
2024-08-11T23:35:04.911-04:00 INFO  [V20180212165000_AddDefaultCollectors] filebeat collector on darwin is missing, adding it.
2024-08-11T23:35:04.914-04:00 INFO  [V20180212165000_AddDefaultCollectors] 'filebeat-darwin-default' sidecar default configuration is missing, adding it.
2024-08-11T23:35:04.916-04:00 INFO  [V20180212165000_AddDefaultCollectors] auditbeat collector on linux is missing, adding it.
2024-08-11T23:35:04.919-04:00 INFO  [V20180212165000_AddDefaultCollectors] 'auditbeat-linux-default' sidecar default configuration is missing, adding it.
2024-08-11T23:35:04.924-04:00 INFO  [V20180212165000_AddDefaultCollectors] winlogbeat collector on windows is missing, adding it.
2024-08-11T23:35:04.928-04:00 INFO  [V20180212165000_AddDefaultCollectors] 'winlogbeat-default' sidecar default configuration is missing, adding it.
2024-08-11T23:35:04.932-04:00 INFO  [V20180212165000_AddDefaultCollectors] nxlog collector on linux is missing, adding it.
2024-08-11T23:35:04.938-04:00 INFO  [V20180212165000_AddDefaultCollectors] nxlog collector on windows is missing, adding it.
2024-08-11T23:35:04.986-04:00 INFO  [MigrationHelpers] Sidecar System (Internal) role is missing or invalid, re-adding it as a built-in role.
2024-08-11T23:35:04.990-04:00 INFO  [MigrationHelpers] graylog-sidecar user is missing or invalid, re-adding it as a built-in user.
2024-08-11T23:35:05.117-04:00 INFO  [V20180601151500_AddDefaultConfiguration] Creating Sidecar cluster config: SidecarConfiguration{sidecarExpirationThreshold=P14D, sidecarInactiveThreshold=PT1M, sidecarUpdateInterval=PT30S, sidecarSendStatus=true, sidecarConfigurationOverride=false}
2024-08-11T23:35:06.167-04:00 INFO  [MigrationHelpers] Views Manager role is missing or invalid, re-adding it as a built-in role.
2024-08-11T23:35:06.172-04:00 INFO  [V20190127111728_MigrateWidgetFormatSettings] Migration completed. 0 views where migrated.
2024-08-11T23:35:06.196-04:00 INFO  [V20190705071400_AddEventIndexSetsMigration] Successfully created events index-set <66b982eaafa0fb7a5585c1f4/Graylog Events>
2024-08-11T23:35:06.199-04:00 INFO  [V20190705071400_AddEventIndexSetsMigration] Successfully created events stream <000000000000000000000002/All events>
2024-08-11T23:35:06.203-04:00 INFO  [V20190705071400_AddEventIndexSetsMigration] Successfully created events index-set <66b982eaafa0fb7a5585c1f5/Graylog System Events>
2024-08-11T23:35:06.205-04:00 INFO  [V20190705071400_AddEventIndexSetsMigration] Successfully created events stream <000000000000000000000003/All system events>
2024-08-11T23:35:06.281-04:00 INFO  [MigrationHelpers] Alerts Manager role is missing or invalid, re-adding it as a built-in role.
2024-08-11T23:35:06.302-04:00 INFO  [V20191121145100_FixDefaultGrokPatterns] Skipping migration of modified default Grok Pattern 'COMMONAPACHELOG'.
2024-08-11T23:35:06.324-04:00 INFO  [V20191129134600_CreateInitialUrlWhitelist] Created 0 whitelist entries from URLs configured in data adapters and event notifications.
2024-08-11T23:35:06.375-04:00 INFO  [MigrationHelpers] Dashboard Creator role is missing or invalid, re-adding it as a built-in role.
2024-08-11T23:35:06.378-04:00 INFO  [MigrationHelpers] Event Definition Creator role is missing or invalid, re-adding it as a built-in role.
2024-08-11T23:35:06.380-04:00 INFO  [MigrationHelpers] Event Notification Creator role is missing or invalid, re-adding it as a built-in role.
2024-08-11T23:35:06.381-04:00 INFO  [MigrationHelpers] User Inspector role is missing or invalid, re-adding it as a built-in role.
2024-08-11T23:35:06.383-04:00 INFO  [MigrationHelpers] Pipelines Manager role is missing or invalid, re-adding it as a built-in role.
2024-08-11T23:35:06.408-04:00 INFO  [V20211221144300_GeoIpResolverConfigMigration] Updating 'cluster_config' collection.
2024-08-11T23:35:06.409-04:00 INFO  [V20211221144300_GeoIpResolverConfigMigration] Planned Updates: Updates{updates=[Update{fieldName='payload.enforce_graylog_schema', operator='$set', value=false}, Update{fieldName='payload.db_type', operator='$rename', value=payload.db_vendor_type}, Update{fieldName='payload.db_path', operator='$rename', value=payload.city_db_path}, Update{fieldName='payload.asn_db_path', operator='$set', value=}]}
2024-08-11T23:35:06.411-04:00 INFO  [V20211221144300_GeoIpResolverConfigMigration] Update Result: AcknowledgedUpdateResult{matchedCount=0, modifiedCount=0, upsertedId=null}
2024-08-11T23:35:06.412-04:00 INFO  [V20211221144300_GeoIpResolverConfigMigration] Setting default vendor: Update{fieldName='payload.db_vendor_type', operator='$set', value=MAXMIND}
2024-08-11T23:35:06.414-04:00 INFO  [V20211221144300_GeoIpResolverConfigMigration] Default Vendor Update Result: AcknowledgedUpdateResult{matchedCount=0, modifiedCount=0, upsertedId=null}
2024-08-11T23:35:06.419-04:00 INFO  [V20220622071600_MigratePagerDutyV1] Updating 'event_notifications' collection.
2024-08-11T23:35:06.420-04:00 INFO  [V20220622071600_MigratePagerDutyV1] Updating config.type from pagerduty-notification-v1 to pagerduty-notification-v2
2024-08-11T23:35:06.420-04:00 INFO  [V20220622071600_MigratePagerDutyV1] Update result: AcknowledgedUpdateResult{matchedCount=0, modifiedCount=0, upsertedId=null}
2024-08-11T23:35:06.431-04:00 INFO  [V20220719130704_ImprovedDefaultProcessingOrderMigration] Fresh Graylog installation detected. Applying new default Message Processor order.
2024-08-11T23:35:06.737-04:00 INFO  [MigrationHelpers] Sidecar Manager role is missing or invalid, re-adding it as a built-in role.
2024-08-11T23:35:06.739-04:00 INFO  [MigrationHelpers] Sidecar Reader role is missing or invalid, re-adding it as a built-in role.
2024-08-11T23:35:06.777-04:00 INFO  [V202305221200_MigrateTimerangeOptionsToTimerangePresets] Migration created 13 new entries in quickAccessTimerangePresets list, based on relativeTimerangeOptions list
2024-08-11T23:35:07.072-04:00 INFO  [MigrationHelpers] Field Type Mappings Manager role is missing or invalid, re-adding it as a built-in role.
2024-08-11T23:35:07.112-04:00 INFO  [PeriodicalsService] Starting 26 periodicals ...
2024-08-11T23:35:07.112-04:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling every [1s].
2024-08-11T23:35:07.115-04:00 INFO  [Periodicals] Starting [org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration] periodical, running forever.
2024-08-11T23:35:07.117-04:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s], polling every [20s].
2024-08-11T23:35:07.118-04:00 INFO  [PeriodicalsService] Not starting [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical. Not configured to run on this node.
2024-08-11T23:35:07.122-04:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [5s], polling every [30s].
2024-08-11T23:35:07.122-04:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexBlockCheck] periodical in [0s], polling every [30s].
2024-08-11T23:35:07.123-04:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling every [300s].
2024-08-11T23:35:07.131-04:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling every [10s].
2024-08-11T23:35:07.132-04:00 INFO  [Periodicals] Starting [org.graylog2.periodical.NodePingThread] periodical in [0s], polling every [1s].
2024-08-11T23:35:07.132-04:00 INFO  [Periodicals] Starting [org.graylog2.periodical.LeaderPresenceCheckPeriodical] periodical in [0s], polling every [5s].
2024-08-11T23:35:07.132-04:00 INFO  [Periodicals] Starting [org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling every [1800s].
2024-08-11T23:35:07.132-04:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s], polling every [1s].
2024-08-11T23:35:07.132-04:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling every [1s].
2024-08-11T23:35:07.133-04:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s], polling every [86400s].
2024-08-11T23:35:07.133-04:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s], polling every [3600s].
2024-08-11T23:35:07.133-04:00 INFO  [Periodicals] Starting [org.graylog2.periodical.TrafficCounterCalculator] periodical in [0s], polling every [1s].
2024-08-11T23:35:07.133-04:00 INFO  [Periodicals] Starting [org.graylog2.indexer.fieldtypes.IndexFieldTypePollerPeriodical] periodical in [0s], polling every [1s].
2024-08-11T23:35:07.133-04:00 INFO  [Periodicals] Starting [org.graylog.scheduler.periodicals.ScheduleTriggerCleanUp] periodical in [120s], polling every [86400s].
2024-08-11T23:35:07.134-04:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ESVersionCheckPeriodical] periodical in [0s], polling every [30s].
2024-08-11T23:35:07.134-04:00 INFO  [Periodicals] Starting [org.graylog2.periodical.UserSessionTerminationPeriodical] periodical, running forever.
2024-08-11T23:35:07.134-04:00 INFO  [Periodicals] Starting [org.graylog2.telemetry.cluster.TelemetryClusterInfoPeriodical] periodical in [0s], polling every [540s].
2024-08-11T23:35:07.135-04:00 INFO  [Periodicals] Starting [org.graylog2.bootstrap.preflight.GraylogCertificateProvisioningPeriodical] periodical in [2s], polling every [2s].
2024-08-11T23:35:07.135-04:00 INFO  [Periodicals] Starting [org.graylog.plugins.sidecar.periodical.PurgeExpiredSidecarsThread] periodical in [0s], polling every [600s].
2024-08-11T23:35:07.135-04:00 INFO  [Periodicals] Starting [org.graylog.plugins.sidecar.periodical.PurgeExpiredConfigurationUploads] periodical in [0s], polling every [600s].
2024-08-11T23:35:07.135-04:00 INFO  [Periodicals] Starting [org.graylog.plugins.views.search.db.SearchesCleanUpJob] periodical in [3600s], polling every [28800s].
2024-08-11T23:35:07.136-04:00 INFO  [Periodicals] Starting [org.graylog.events.periodicals.EventNotificationStatusCleanUp] periodical in [120s], polling every [86400s].
2024-08-11T23:35:07.152-04:00 INFO  [UserSessionTerminationService] Globally terminated 0 session(s)
2024-08-11T23:35:07.152-04:00 INFO  [LegacyDefaultStreamMigration] Legacy default stream has no connections, no migration needed.
2024-08-11T23:35:08.338-04:00 INFO  [NetworkListener] Started listener bound to [0.0.0.0:9000]
2024-08-11T23:35:08.339-04:00 INFO  [HttpServer] [HttpServer] Started.
2024-08-11T23:35:08.340-04:00 INFO  [JerseyService] Started REST API at <0.0.0.0:9000>
2024-08-11T23:35:08.340-04:00 INFO  [ServiceManagerListener] Services are healthy
2024-08-11T23:35:08.341-04:00 INFO  [ServerBootstrap] Services started, startup times in ms: {UserSessionTerminationService [RUNNING]=0, NotificationSystemEventPublisher [RUNNING]=0, GracefulShutdownService [RUNNING]=0, InputSetupService [RUNNING]=0, LocalKafkaMessageQueueReader [RUNNING]=1, UrlWhitelistService [RUNNING]=1, FailureHandlingService [RUNNING]=1, BufferSynchronizerService [RUNNING]=1, LocalKafkaMessageQueueWriter [RUNNING]=1, PrometheusExporter [RUNNING]=2, MongoDBProcessingStatusRecorderService [RUNNING]=2, OutputSetupService [RUNNING]=2, JobSchedulerService [RUNNING]=5, EtagService [RUNNING]=6, LocalKafkaJournal [RUNNING]=7, StreamCacheService [RUNNING]=7, GeoIpDbFileChangeMonitorService [RUNNING]=8, LookupTableService [RUNNING]=12, PeriodicalsService [RUNNING]=24, ConfigureCertRenewalJobOnStartupService [RUNNING]=103, JerseyService [RUNNING]=1228}
2024-08-11T23:35:08.341-04:00 INFO  [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
2024-08-11T23:35:08.343-04:00 INFO  [ServerBootstrap] Graylog server up and running.

However, I still cannot connect to the UI using my internet browser (Chrome) via http://127.0.0.1:9000. I get ‘refused to connect’. I can curl it without using credentials now though:

<html>
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="robots" content="noindex, nofollow">
    <meta charset="UTF-8">
    <title>Graylog Web Interface</title>
    <link rel="shortcut icon" href="/assets/favicon.png">

  </head>
  <body>
    <div id="app-root" />
    <script nonce="78431311-ac7b-4ee2-ac34-322fff738537" src="/config.js"></script>

    <script nonce="78431311-ac7b-4ee2-ac34-322fff738537" src="/assets/vendor.f53e43520a75fcc21e18.js"></script>

    <script nonce="78431311-ac7b-4ee2-ac34-322fff738537" src="/assets/polyfill.832c4bba8380a55357ca.js"></script>

    <script nonce="78431311-ac7b-4ee2-ac34-322fff738537" src="/assets/app.65d160fe7fa0f94b007c.js"></script>

    <script nonce="78431311-ac7b-4ee2-ac34-322fff738537" src="/assets/07ba022f-924.dd1e792bacba899a1a50.js"></script>

    <script nonce="78431311-ac7b-4ee2-ac34-322fff738537" src="/assets/07ba022f-5785.88eeb59001f57dca0190.js"></script>

  </body>
</html>

Does it take some time for the UI to be reachable? Am I accessing it with the correct address, i.e. http://127.0.0.1:9000? Could it be a resource issue, i.e. not enough memory? I am using a small laptop, only has 16 GB of RAM.

Hey @geraj1010, when you configure:

http_bind_address = 0.0.0.0:9000

in your Server.conf file, this is a wildcard address. That means the bind address, which by default is the address from which your web interfaces are accessed, uses the first non-loopback address on this system. Make sure any iptables or firewalls are configured correctly to access graylog. You can probably access your Server using the public ip or hostname

Hi @Marvin1, That was the trick! I had to use the eth0 IP address listed from ifconfig, port 9000. I am in now. Some applications I have used, I’ve accessed them through the localhost, so I was just stuck on that ha.

Thank you all for the help!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.