I have installed Graylog on my server with the following component versions on CentOS 7 64-bit:
graylog-server 3.0 (2.3 & 2.4 was throwing strange rpm error)
elasticsearch 5.x
mongo-db 3.4
I have configured a syslog input on port 5514 and it's running.
But I am getting the error “Deflector exists as an index and is not an alias”. I can see my test syslog messages going into the index, but I can’t search any logs or do anything.
I have googled everywhere and found many, many posts with the same error message, and I have tried every single step, but none of them helped me.
I have tried this article also but no luck: http://docs.graylog.org/en/2.4/pages/faq.html#how-do-i-fix-the-deflector-exists-as-an-index-and-is-not-an-alias-error-message
I have upgraded Elasticsearch to 6.x as well, but that didn’t help either. At this point I am just frustrated and have no idea what is broken or where…
Please help me debug this issue, because that error doesn’t explain anything.
jan
(Jan Doberstein)
October 23, 2018, 7:12am
2
Simply follow the steps in:
http://docs.graylog.org/en/2.4/pages/faq.html#how-do-i-fix-the-deflector-exists-as-an-index-and-is-not-an-alias-error-message
That is the solution.
You know that 3.0 is pre-release and not created for production - right? The stable release is 2.4.6 (at the time of writing this)
3.0 was under the stable branch, so I thought it’s good to have the latest software and I picked that up.
I tried to downgrade and ended up with tons of errors, but anyway I will rekick the box.
Do you have any preference for the Elasticsearch version? Or MongoDB?
jan
(Jan Doberstein)
October 23, 2018, 12:11pm
4
Where was 3.0 listed as stable? Could you please give me the point.
We have covered everything in the documentation: http://docs.graylog.org/en/2.4/pages/installation/operating_system_packages.html#step-by-step-guides
Just follow the step-by-step guides and you will have a stable running system.
Here you go! What is wrong here? It’s just installing 3.0, even though I don’t have a repo configured for 3.0. I did yum clean too.
Also, this URL is broken, page not found: https://packages.graylog2.org/repo/el/stable/2.4/$basearch/
[root@graylog ~]# cat /etc/yum.repos.d/graylog.repo
[graylog]
name=graylog
baseurl=https://packages.graylog2.org/repo/el/stable/2.4/$basearch/
gpgcheck=1
repo_gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-graylog
[root@graylog ~]#
[root@graylog ~]#
[root@graylog ~]#
[root@graylog ~]# yum install graylog-server
Loaded plugins: fastestmirror, langpacks
base | 3.6 kB 00:00:00
elasticsearch-5.x | 1.3 kB 00:00:00
epel/x86_64/metalink | 16 kB 00:00:00
epel | 3.2 kB 00:00:00
extras | 3.4 kB 00:00:00
mongodb-org-3.4 | 2.5 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/9): elasticsearch-5.x/primary | 148 kB 00:00:00
(2/9): base/7/x86_64/group_gz | 166 kB 00:00:00
(3/9): epel/x86_64/group_gz | 88 kB 00:00:00
(4/9): epel/x86_64/updateinfo | 932 kB 00:00:00
(5/9): epel/x86_64/primary | 3.6 MB 00:00:00
(6/9): mongodb-org-3.4/7/primary_db | 73 kB 00:00:00
(7/9): extras/7/x86_64/primary_db | 204 kB 00:00:00
(8/9): base/7/x86_64/primary_db | 5.9 MB 00:00:01
(9/9): updates/7/x86_64/primary_db | 6.0 MB 00:00:02
Determining fastest mirrors
* base: mirror.fileplanet.com
* epel: mirror.metrocast.net
* extras: mirror.ash.fastserv.com
* updates: mirror.oss.ou.edu
elasticsearch-5.x 386/386
epel 12742/12742
Resolving Dependencies
--> Running transaction check
---> Package graylog-server.noarch 0:3.0.0-2.alpha.2 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================================================================================================================================
Package Arch Version Repository Size
=====================================================================================================================================================================================
Installing:
graylog-server noarch 3.0.0-2.alpha.2 graylog 92 M
Transaction Summary
=====================================================================================================================================================================================
Install 1 Package
Total download size: 92 M
Installed size: 103 M
Is this ok [y/d/N]: n
Never mind, after modifying the repo file to the following it works; looks like something was cached somewhere.
[graylog-foo]
name=graylog-foo
baseurl=https://packages.graylog2.org/repo/el/stable/2.4/$basearch/
gpgcheck=1
repo_gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-graylog
Anyway, now I am seeing no errors and it looks good. I am sending some logs from Cisco switches, but they are not showing up in search. Does Graylog take some time to process logs, or is it real-time?
After googling I found that you need to change the timestamp because Graylog uses UTC and all my switches use EST, so this is what I did in the server.conf file:
root_timezone = America/New_York
Now in System/Overview I can see the timestamp in EST, but it is still not processing logs. What else should I check?
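An added example, not part of the thread: the timestamp mismatch the last post describes, worked through in Python. It assumes the receiving input reads a zone-less RFC 3164 syslog timestamp as UTC (an assumption, not confirmed in the thread); the sample timestamp and all function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Fixed UTC-5 offset standing in for the switches' "EST" clock (assumption).
EST = timezone(timedelta(hours=-5), "EST")

def parse_rfc3164(stamp, year, assumed_tz):
    """RFC 3164 timestamps ("Oct 23 08:15:00") carry no year and no zone,
    so the receiver has to supply both."""
    naive = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return naive.replace(tzinfo=assumed_tz)

def stored_skew(stamp, year, sender_tz, receiver_tz=timezone.utc):
    """Difference between the time the receiver stores and the real event time."""
    true_time = parse_rfc3164(stamp, year, sender_tz)
    stored = parse_rfc3164(stamp, year, receiver_tz)
    return stored - true_time

def visible_in_relative_search(stamp, year, sender_tz, window,
                               receiver_tz=timezone.utc):
    """True if a message searched for right after it was sent falls inside
    a relative window [now - window, now], where now is the real event time."""
    now = parse_rfc3164(stamp, year, sender_tz)
    stored = parse_rfc3164(stamp, year, receiver_tz)
    return now - window <= stored <= now

if __name__ == "__main__":
    sample = "Oct 23 08:15:00"  # constructed sample timestamp
    print("skew:", stored_skew(sample, 2018, EST))
    for window in (timedelta(minutes=5), timedelta(hours=8)):
        shown = visible_in_relative_search(sample, 2018, EST, window)
        print(f"last {window}: visible={shown}")
    fixed = visible_in_relative_search(sample, 2018, EST,
                                       timedelta(minutes=5), receiver_tz=EST)
    print("receiver told the sender's zone: visible =", fixed)
```

Under that assumption the message is stored five hours in the past, so a short relative search misses it while a wide one finds it; the mismatch goes away only when the receiver knows the sender's zone or the sender emits timestamps that include one.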