Could not execute search Search code 500 / Red Orange running inputs

1. Describe your incident:

I created some inputs and allowed some network traffic from firewall perspective towards my graylog server.

I noticed that it took some time to show the received messages.

I am now getting a “Could not execute search search code 500”

After the reboot of the server, the green running inputs would turn orange/red

2. Describe your environment:

  • OS Information:
    CentOS Linux release 7.5.1804 (Core)

  • Package Version:
    elasticsearch.noarch 5.6.10-1
    graylog-2.4-repository.noarch 1-6
    graylog-server.noarch 2.4.6-1
    mongodb-org.x86_64 3.6.6-1.el7
    mongodb-org-mongos.x86_64 3.6.6-1.el7
    mongodb-org-server.x86_64 3.6.6-1.el7
    mongodb-org-shell.x86_64 3.6.6-1.el7
    mongodb-org-tools.x86_64 3.6.6-1.el7

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?

reboot the server, remove firewall rules

4. How can the community help?

I don't know where/what to check and how to fix same and would be grateful if you could assist.

It looks like you are running a very, very old version of Graylog 2.4. I recommend that you upgrade.

With that said, you still need to check the health of your elasticsearch cluster, see Cluster health API | Elasticsearch Guide [8.12] | Elastic. Documentation may not line up exactly since elasticsearch 5.6 is also very, very old.

It sounds like your elasticsearch cluster is red. This means that some of your shards are offline. There are many reasons for this so you’ll need to do some troubleshooting. This page is a good place to start: Red or yellow cluster status | Elasticsearch Guide [8.12] | Elastic
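One way to run the health check suggested above, as an added example that is not part of the original replies: it reads `/_cluster/health` and `/_cat/shards` and lists the shards that are not started, primaries first. The address `127.0.0.1:9200` without authentication is an assumption, and the sample responses are constructed for illustration.

```python
import json
import urllib.request

ES_URL = "http://127.0.0.1:9200"  # assumption: local Elasticsearch, no auth

# Constructed sample responses (not taken from the poster's server).
SAMPLE_HEALTH = ('{"cluster_name":"graylog","status":"red","number_of_nodes":1,'
                 '"active_primary_shards":7,"active_shards":7,'
                 '"initializing_shards":0,"unassigned_shards":2}')
SAMPLE_SHARDS = """\
graylog_0 0 p STARTED
graylog_0 1 r UNASSIGNED INDEX_CREATED
graylog_0 1 p UNASSIGNED CLUSTER_RECOVERED
graylog_1 0 p STARTED
"""

def fetch(path):
    """GET a path from Elasticsearch and return the body as text."""
    with urllib.request.urlopen(ES_URL + path, timeout=10) as resp:
        return resp.read().decode("utf-8")

def summarize_health(health_json):
    """Keep the /_cluster/health fields that explain a red or yellow status."""
    h = json.loads(health_json)
    return {
        "status": h["status"],
        # red means at least one primary shard is not allocated
        "primary_missing": h["status"] == "red",
        "unassigned_shards": h["unassigned_shards"],
        "initializing_shards": h["initializing_shards"],
    }

def unassigned_shards(cat_text):
    """Parse /_cat/shards?h=index,shard,prirep,state,unassigned.reason output."""
    problems = []
    for line in cat_text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[3] == "STARTED":
            continue  # skip blank lines and healthy shards
        problems.append({"index": cols[0], "shard": int(cols[1]),
                         "primary": cols[2] == "p", "state": cols[3],
                         "reason": cols[4] if len(cols) > 4 else None})
    # Primaries first: an unassigned primary is what turns the cluster red.
    return sorted(problems, key=lambda s: (not s["primary"], s["index"], s["shard"]))

if __name__ == "__main__":
    # Replace the samples with fetch("/_cluster/health") and
    # fetch("/_cat/shards?h=index,shard,prirep,state,unassigned.reason") on a live node.
    print(summarize_health(SAMPLE_HEALTH))
    for s in unassigned_shards(SAMPLE_SHARDS):
        print(s)
```

For a shard reported here, `GET /_cluster/allocation/explain` gives Elasticsearch's own reason why it cannot be allocated.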

