Hi Team,
As per the suggestion on “GUI not coming up”, I commented out the lines and my issue got resolved.
After that I installed rsyslog on my server (Graylog + Elasticsearch + MongoDB) to get the logs. After configuring inputs I am getting the error message below (screenshot attached).
Kindly find the information below for reference:
cat /etc/graylog/server/server.conf
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = XKckIYzFxYcbRpcbOlWopPuLvg61gkDUmlgTHIf95nfIORlIze9FOoJgyp2MEwYBQzXyaYZDHtABSyPbBBpicPBk4KiYDPp9
root_username = admin
root_password_sha2 = 4bbdd5a829dba09d7a7ff4c1367be7d36a017b4267d728d31bd264f63debeaa6
bin_dir = /usr/share/graylog-server/bin
data_dir = /var/lib/graylog-server
plugin_dir = /usr/share/graylog-server/plugin
http_bind_address = <srver-ip>:9000
http_enable_cors = true
http_max_header_size = 8192
http_thread_pool_size = 16
http_enable_tls = false
elasticsearch_hosts = http://<srver-ip>:9200
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://localhost/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
proxied_requests_thread_pool_size = 32
cat /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog
action.auto_create_index: false
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
cat /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
*.* @127.0.0.1:5140
view /var/log/graylog-server/server.log
2019-05-31T08:57:05.122Z ERROR [Messages] Caught exception during bulk indexing: io.searchbox.client.config.exception.CouldNotConnectException: Could not connect to http://10.132.244.105:9200, retrying (attempt #68).
2019-05-31T08:57:13.254Z ERROR [Cluster] Couldn't read cluster health for indices [graylog_*] (Could not connect to http://<server-ip>:9200)
2019-05-31T08:57:13.254Z INFO [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2019-05-31T08:57:35.124Z ERROR [Messages] Caught exception during bulk indexing: io.searchbox.client.config.exception.CouldNotConnectException: Could not connect to http://10.132.244.105:9200, retrying (attempt #69).
2019-05-31T08:57:43.254Z ERROR [Cluster] Couldn't read cluster health for indices [graylog_*] (Could not connect to http://<server-ip>:9200)
2019-05-31T08:57:43.254Z INFO [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2019-05-31T08:57:43.595Z WARN [IndexFieldTypePollerPeriodical] Interrupted or timed out waiting for Elasticsearch cluster, checking again.
2019-05-31T08:57:43.782Z WARN [V20161130141500_DefaultStreamRecalcIndexRanges] Interrupted or timed out waiting for Elasticsearch cluster, checking again.
view /var/log/elasticsearch/graylog.log
[2019-05-31T07:19:43,456][INFO ][o.e.d.DiscoveryModule ] [rh_36xx] using discovery type [zen] and host providers [settings]
[2019-05-31T07:19:44,122][INFO ][o.e.n.Node ] [rh_36xx] initialized
[2019-05-31T07:19:44,122][INFO ][o.e.n.Node ] [rh_36xx] starting ...
[2019-05-31T07:19:44,364][INFO ][o.e.t.TransportService ] [rh_36xx] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}
[2019-05-31T07:19:44,387][WARN ][o.e.b.BootstrapChecks ] [rh_36xx] system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
[2019-05-31T07:19:47,546][INFO ][o.e.c.s.MasterService ] [rh_36xx] zen-disco-elected-as-master ([0] nodes joined), reason: new_master {rh_36xx}{rh_36xxHSS2I9Xx2zmkByw}{3ZYyTJydR02knSZ4JgCrnw}{127.0.0.1}{127.0.0.1:9300}
[2019-05-31T07:19:47,550][INFO ][o.e.c.s.ClusterApplierService] [rh_36xx] new_master {rh_36xx}{rh_36xxHSS2I9Xx2zmkByw}{3ZYyTJydR02knSZ4JgCrnw}{127.0.0.1}{127.0.0.1:9300}, reason: apply cluster state (from master [master {rh_36xx}{rh_36xxHSS2I9Xx2zmkByw}{3ZYyTJydR02knSZ4JgCrnw}{127.0.0.1}{127.0.0.1:9300} committed version [1] source [zen-disco-elected-as-master ([0] nodes joined)]])
[2019-05-31T07:19:47,596][INFO ][o.e.h.n.Netty4HttpServerTransport] [rh_36xx] publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}
[2019-05-31T07:19:47,596][INFO ][o.e.n.Node ] [rh_36xx] started
[2019-05-31T07:19:47,675][INFO ][o.e.g.GatewayService ] [rh_36xx] recovered [0] indices into cluster_state
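
An added example, not part of the original post: server.log shows Graylog retrying the server IP on port 9200, while graylog.log shows the Elasticsearch HTTP transport bound only to 127.0.0.1:9200. The Python below compares the configured `elasticsearch_hosts` with the logged `bound_addresses`; the function names are hypothetical and the sample input is constructed (192.0.2.10 stands in for the redacted server IP).

```python
import re
from urllib.parse import urlsplit

# Constructed sample input modelled on the excerpts above;
# 192.0.2.10 stands in for the redacted server IP.
SERVER_CONF = """\
http_bind_address = 192.0.2.10:9000
elasticsearch_hosts = http://192.0.2.10:9200
"""
ES_LOG = """\
[2019-05-31T07:19:44,364][INFO ][o.e.t.TransportService ] [node-1] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}
[2019-05-31T07:19:47,596][INFO ][o.e.h.n.Netty4HttpServerTransport] [node-1] publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
WILDCARD = {"0.0.0.0", "::"}

def configured_es_hosts(conf_text):
    """(host, port) pairs Graylog will connect to, from elasticsearch_hosts."""
    for line in conf_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "elasticsearch_hosts":
            urls = (urlsplit(u.strip()) for u in value.split(",") if u.strip())
            # Assumption: fall back to the ES default port when none is given.
            return [(u.hostname, u.port or 9200) for u in urls]
    return []

def es_http_bound(log_text):
    """(host, port) pairs the Elasticsearch HTTP transport logged as bound."""
    bound = []
    for line in log_text.splitlines():
        if "HttpServerTransport" in line and "bound_addresses" in line:
            tail = line.split("bound_addresses", 1)[1]
            for addr in re.findall(r"\{([^}]+)\}", tail):
                host, _, port = addr.rpartition(":")
                bound.append((host.strip("[]"), int(port)))
    return bound

def unreachable_targets(conf_text, log_text):
    """Configured targets that no logged HTTP listener can serve."""
    bound = es_http_bound(log_text)
    def served(host, port):
        return any(p == port and (h == host or h in WILDCARD
                                  or (h in LOOPBACK and host in LOOPBACK))
                   for h, p in bound)
    return [t for t in configured_es_hosts(conf_text) if not served(*t)]

if __name__ == "__main__":
    for host, port in unreachable_targets(SERVER_CONF, ES_LOG):
        print(f"Graylog targets {host}:{port}; Elasticsearch HTTP bound to "
              f"{es_http_bound(ES_LOG)}")
```

For a single-host install like the one in the post, pointing `elasticsearch_hosts` at the loopback address keeps port 9200 off the network, whereas widening the Elasticsearch bind address exposes it to other hosts.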