Could not get JVM information (System/Nodes)

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
Hi, I have recently updated to v5.1, and changed my LAN domain (name) … not sure if this issue is due to these items or not, but seeing these errors on the main screen,

2. Describe your environment:

  • OS Information: Ubuntu 22.04.2 LTS

  • Package Version: v5.1

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?
I have tried restarting the service, but it is running. I see a lot of warnings in the log, but thinking that’s not it.

I do also see that my input is not running, and will not start (from the GUI).

4. How can the community help?
Any and all pointers … LOL. Not sure what else to try here. Is there a place where the FQDN of the input can be modified? Thanks!

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

Hey @arrmo

If you change you LAN domain double check the following :

  • certificate/s
  • Keystore
  • permission on both
  • configuration file

Check the log files from MongDb and Graylog by “tail’ing” them. Look for error/warning, permission and/or certificate issues.

When using TCP/TLS that a good sign its you certificates.

Appreciate the pointers! I did tail, as you say - nothing at all (odd) in mongodb … meaning no warnings or errors. A couple things in graylog.log,

2023-07-22T06:47:25.553-05:00 WARN  [RestClient] request [GET*/_alias?ignore_throttled=false&ignore_unavailable=false&expand_wildcards=open&allow_no_indices=false] returned 1 warnings: [299 Elasticsearch-7.17.11-eeedb98c60326ea3d46caef960fb4c77958fb885 "[ignore_throttled] parameter is deprecated because frozen indices have been deprecated. Consider cold or frozen tiers in place of frozen indices."]


2023-07-22T06:47:26.586-05:00 WARN  [ProxiedResource] Failed to call API on node <507642b5-087d-4ad4-89ba-3a1cb1b15aed>, cause: timeout (duration: 1000 ms)

Not sure either of these are the issue or not?

FYI, I’m not using HTTPS (and hence TLS) - I think :laughing:. I directly access the server, on port 9000 - using HTTP. So no certificates involved?


OK, more digging - tried editing /etc/hosts, in case of DNS issues (those seem to have been reported), no joy. I do see that the Node is noted as,

507642b5 / localhost

So localhost - OK. But, still lots of this in the logs,

2023-07-24T18:16:47.152-05:00 WARN  [ProxiedResource] Failed to call API on node <507642b5-087d-4ad4-89ba-3a1cb1b15aed>, cause: Connect timed out (duration: 1001 ms)
2023-07-24T18:16:47.162-05:00 WARN  [ProxiedResource] Failed to call API on node <507642b5-087d-4ad4-89ba-3a1cb1b15aed>, cause: timeout (duration: 5001 ms)

Any suggestions appreciated.


Hey @arrmo

I see that you use loop back address for opensearch.
As for your TCP/TLS configurations, simple example should look like this if your using a DNS server /w FQDN ensure there is a reverse lookup (pointer record).

http_bind_address = graylog.domain:9000
http_publish_uri = https://graylog.domain:9000/
http_enable_cors = true
http_enable_tls = true
http_tls_cert_file = /etc/ssl/certs/graylog/graylog-certificate.pem
http_tls_key_file = /etc/ssl/certs/graylog/graylog-key.pem
http_tls_key_password = secret

Hosts file (/etc/hosts) helps

Next ensure the certificate can be accessed by Graylog, a forsure way is putting them in Graylog home directory, because graylog owns it home directory.
Last, check you java keystore make sure you have the correct certificate in there if you useing JAVA default keystore ( CACERTS) Graylog should pick it up without configurations, but if not you can find more here

Thanks! Will definitely dig into this, but … I’m not using HTTPS, rather only HTTP. So not thinking this is a cert issue?

Hey @arrmo

understood, if you can show you configuration file here. just mark out you personal stuff.

That fixed it! Indirectly :laughing:.

I did a grep, to get you the info - somehow on the latest upgrade, http_publish_uri got messed up (was all trashed). Grepping the file helped me to see that. Fixed it, restarted … and up and running again.


1 Like

:laughing: Awesome glad to assist :+1:


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.