Could not get JVM information (System/Nodes)


1. Describe your incident:
Hi, I have recently updated to v5.1, and changed my LAN domain (name) … not sure if this issue is due to these items or not, but seeing these errors on the main screen,

2. Describe your environment:

  • OS Information: Ubuntu 22.04.2 LTS

  • Package Version: v5.1

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?
I have tried restarting the service, but it is running. I see a lot of warnings in the log, but thinking that’s not it.

I do also see that my input is not running, and will not start (from the GUI).

4. How can the community help?
Any and all pointers … LOL. Not sure what else to try here. Is there a place where the FQDN of the input can be modified? Thanks!


Hey @arrmo

If you change your LAN domain, double-check the following:

  • certificate/s
  • Keystore
  • permission on both
  • configuration file

Check the log files from MongoDB and Graylog by tailing them. Look for errors/warnings, permission and/or certificate issues.

When using TCP/TLS, that's a good sign it's your certificates.

Appreciate the pointers! I did tail, as you say - nothing at all (odd) in mongodb … meaning no warnings or errors. A couple things in graylog.log,

2023-07-22T06:47:25.553-05:00 WARN  [RestClient] request [GET http://127.0.0.1:9200/gl-system-events_*/_alias?ignore_throttled=false&ignore_unavailable=false&expand_wildcards=open&allow_no_indices=false] returned 1 warnings: [299 Elasticsearch-7.17.11-eeedb98c60326ea3d46caef960fb4c77958fb885 "[ignore_throttled] parameter is deprecated because frozen indices have been deprecated. Consider cold or frozen tiers in place of frozen indices."]

and,

2023-07-22T06:47:26.586-05:00 WARN  [ProxiedResource] Failed to call API on node <507642b5-087d-4ad4-89ba-3a1cb1b15aed>, cause: timeout (duration: 1000 ms)

Not sure either of these are the issue or not?

FYI, I’m not using HTTPS (and hence TLS) - I think :laughing:. I directly access the server, on port 9000 - using HTTP. So no certificates involved?

Thanks!

OK, more digging - tried editing /etc/hosts, in case of DNS issues (those seem to have been reported), no joy. I do see that the Node is noted as,

507642b5 / localhost

So localhost - OK. But, still lots of this in the logs,

2023-07-24T18:16:47.152-05:00 WARN  [ProxiedResource] Failed to call API on node <507642b5-087d-4ad4-89ba-3a1cb1b15aed>, cause: Connect timed out (duration: 1001 ms)
2023-07-24T18:16:47.162-05:00 WARN  [ProxiedResource] Failed to call API on node <507642b5-087d-4ad4-89ba-3a1cb1b15aed>, cause: timeout (duration: 5001 ms)

Any suggestions appreciated.

Thanks!

Hey @arrmo

I see that you use the loopback address 127.0.0.1 for OpenSearch.
As for your TCP/TLS configuration, a simple example should look like this. If you're using a DNS server with an FQDN, ensure there is a reverse lookup (pointer record).

http_bind_address = graylog.domain:9000
http_publish_uri = https://graylog.domain:9000/
http_enable_cors = true
http_enable_tls = true
http_tls_cert_file = /etc/ssl/certs/graylog/graylog-certificate.pem
http_tls_key_file = /etc/ssl/certs/graylog/graylog-key.pem
http_tls_key_password = secret

Hosts file (/etc/hosts) helps

192.168.1.100 graylog.domain.com

Next, ensure the certificate can be accessed by Graylog. A sure way is putting them in Graylog's home directory, because Graylog owns its home directory.
Last, check your Java keystore and make sure you have the correct certificate in there. If you're using the Java default keystore (cacerts), Graylog should pick it up without configuration, but if not you can find more here:

https://go2docs.graylog.org/5-0/setting_up_graylog/https.html

Thanks! Will definitely dig into this, but … I’m not using HTTPS, rather only HTTP. So not thinking this is a cert issue?

Hey @arrmo

Understood. If you can, show your configuration file here. Just mark out your personal stuff.

That fixed it! Indirectly :laughing:.

I did a grep, to get you the info - somehow on the latest upgrade, http_publish_uri got messed up (was all trashed). Grepping the file helped me to see that. Fixed it, restarted … and up and running again.

Thanks!!

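A sanity check for the `http_publish_uri` problem found above, as an added example (not code from this thread or from Graylog): it parses a `server.conf` and flags a malformed `http_publish_uri`, a scheme that disagrees with `http_enable_tls`, and TLS enabled without cert/key files. The check rules, function names and sample configs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample configs (not taken from the thread).
GOOD = "http_bind_address = 0.0.0.0:9000\nhttp_publish_uri = http://192.168.1.100:9000/\n"
TRASHED = "# after upgrade\nhttp_bind_address = 0.0.0.0:9000\nhttp_publish_uri = htp//graylog.example:9000/\n"

def parse_conf(text):
    """Parse 'key = value' lines of a server.conf, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def check_http_settings(conf):
    """Return a list of findings for the HTTP settings discussed in this thread."""
    findings = []
    tls = conf.get("http_enable_tls", "false").lower() == "true"
    uri = conf.get("http_publish_uri")
    if uri is not None:
        try:
            parts = urlsplit(uri)
            host = parts.hostname
            parts.port  # accessing .port raises ValueError on a non-numeric port
        except ValueError as exc:
            return [f"http_publish_uri is not a valid URI: {exc}"]
        if parts.scheme not in ("http", "https") or not host:
            findings.append(f"http_publish_uri is malformed: {uri!r}")
        elif (parts.scheme == "https") != tls:
            # Assumption: the published scheme should agree with http_enable_tls.
            findings.append(
                f"http_publish_uri scheme {parts.scheme!r} does not match "
                f"http_enable_tls = {str(tls).lower()}")
    if tls:
        for key in ("http_tls_cert_file", "http_tls_key_file"):
            if not conf.get(key):
                findings.append(f"http_enable_tls is true but {key} is not set")
    return findings

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("TRASHED", TRASHED)):
        print(name, check_http_settings(parse_conf(text)) or "ok")
```

To check a real node, pass the contents of its configuration file to `parse_conf` instead of the sample strings.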

:laughing: Awesome glad to assist :+1:
