Elastic template name change does not work

Graylog Central (peer support)
1

Hi,
I’m using Graylog 4.1 and I need to change default elastic template name.
Looking https://docs.graylog.org/docs/server-conf I found:

elasticsearch_template_name = graylog-internal
Name of the Elasticsearch index template used by Graylog to apply the mandatory index mapping.

So the default value is graylog-internal.
I change that config value in graylog.conf with elasticsearch_index_prefix too.

What I see is that the index prefix change (elasticsearch_index_prefix works fine), the template name not (elasticsearch_template_name does not work)

elasticsearch_index_prefix = acme-graylog (graylog-internal  -> [acme-graylog_*])
elasticsearch_template_name = acme-graylog-internal (does not change)

Is there a bug in Graylog template rename or there is something wrong in my configuration?

2

Hello

I think what you want is in this post.

Hope that helps

1 Like
3

Hi @gsmith
Thank you for your answer. I’m not sure if the link you advice me is the solution to my problem. I’ll try to explain my issue better.

I’ve an elasticsearch search cluster and I’m trying to use it with 2 different graylog installation, each one with its mongodb.

So I configured the first graylog with variable:
elasticsearch_index_prefix = acme-graylog

and the second with:
elasticsearch_index_prefix = foo-graylog

and it worked correctly, I found on the cluster indices with this two prefix.

I also tried to define (on the first graylog startup, with mongodb empty):
elasticsearch_template_name = acme-graylog-internal

and:
elasticsearch_template_name = foo-graylog-internal

but what I found on elasticsearch is

(graylog-internal → [acme-graylog_*])

but I didn’t found two templates as I excepted.

So my understanding is that the variable “elasticsearch_template_name” isn’t evaluate at graylog startup and both graylog uses the same variable.

As a result just one of the elastic template is created (the second), because the first has been overwritten

4

Hello,

Correct me if I’m wrong.
You want to use your elasticsearch cluster for multiple Graylog instances, there for you want different indices for each Graylog server. Since Graylog uses Default index template #elasticsearch_template_name = graylog-internal for elasticsearch you’re trying to create two different default indices templates for each of these Graylog severs?

You looking for something like this?

image
image424×721 4.85 KB

elasticsearch_template_name = graylog-internal

This configuration setting is only used on the first start of Graylog. After that,
index related settings can be changed in the Graylog web interface on the ‘System / Indices’ page.
Sum it up, to have two different templates it might be a good idea to have separate Indices for each Graylog server unless that what your trying to do already.

5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.