Hey everyone, we receive following error in Graylog: “Error in Deflector exists as an index and is not an alias. (triggered an hour ago)
The deflector is meant to be an alias but exists as an index. Multiple failures of infrastructure can lead to this. Your messages are still indexed but searches and all maintenance tasks will fail or produce incorrect results”.
Also, under System/Overview in log this is replicating “There is no index target to point to. Creating one now”.
We are running Elasticsearch 1.7.3, Mongodb 3.4.15, and Graylog-Server 2.3.2 on Ubuntu Server 16.04. All is running on same server.
Also this from Local Inputs - Syslog UDP Traffic (yes, we modified rsyslog.conf for binding address and changed port 5140):
allow_override_date: true
bind_address: 127.0.0.1
expand_structured_data: false
force_rdns: false
override_source:
port: 5140
recv_buffer_size: 262144
store_full_message: false
This is our first Graylog server so I am new at this. Any help will be greatly appreciated. Hope to get over this hurdle soon. It’s getting really late here.
We are running Elasticsearch 1.7.3, Mongodb 3.4.15, and Graylog-Server 2.3.2 on Ubuntu Server 16.04. All is running on same server.
I’m pretty sure that one of the above Versions does not match - Elasticsearch or Graylog - as those both are not compatible. If they work you are in unsupported stage that was never tested!
OK. We updated Elasticsearch to 2.3.5, Mongodb is 3.4.15 and Graylog-Server is 2.4.5 but still receiving the same message:
Deflector exists as an index and is not an alias. (triggered 11 minutes ago)
The deflector is meant to be an alias but exists as an index. Multiple failures of infrastructure can lead to this. Your messages are still indexed but searches and all maintenance tasks will fail or produce incorrect results. It is strongly recommend that you act as soon as possible.
When we go to “Show Received Messages” under Local Input it says “Loading”.
Jochen, that resolved our issue. It is now logging!!! Thank you and everyone for your time and assistance in getting graylog up and running. Plus, you have lots of great docs to research for issues. We have another client in need of SIEM Logging server. We will go with Graylog.