Elasticsearch Component

Graylog Central (peer support)
1

Hello every one,

I installed mongodb, elasticsearch and graylog in sequence. Mongod service is active but the elasticservice deactivated some seconds after starting (DEACTIVATED).

Does any one can help with that?

Thanks in advance

2

someone might help - but without details about your os, the way you have installed and configured and some logfiles nobody will be able to.

3

Hello Jan,
elasticsearch.service is start once after starting it then goes to failed status.
OS is Centos 7.5 the mongodb repo is;
[mongodb-org-3.6]
name=MongoDB Repository
baseurl=http://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/x86_64/
gpgcheck=0
enabled=1

Elasticsearch repo is:
[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=http://packages.elastic.co/elasticsearch/5.x/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

yum install elasticsearch#

vi /etc/elasticsearch/elasticsearch.yml

cluster.name: graylog

systemctl restart elasticsearch

Installing and configuring graylog has been done from the following link:
https://www.tadaay.com/blog/installation-and-configuration-of-graylog-server-on-centos-7/

Thanks in advance

4

you still did not share any logfiles.

That would reveal why your Elasticsearch is not running - maybe.

5

You can try to curl https:localhost:9200 which is elasticsearch default port and see if there is any response.

By right if elasticsearch is installed properly, you will see json response.

6

Retrieved information from /var/log/elasticsearch
[2018-06-23T16:06:19,457][INFO ][o.e.p.PluginsService ] [4a1fpVI] loaded module [x-pack-core]
[2018-06-23T16:06:19,457][INFO ][o.e.p.PluginsService ] [4a1fpVI] loaded module [x-pack-deprecation]
[2018-06-23T16:06:19,457][INFO ][o.e.p.PluginsService ] [4a1fpVI] loaded module [x-pack-graph]
[2018-06-23T16:06:19,457][INFO ][o.e.p.PluginsService ] [4a1fpVI] loaded module [x-pack-logstash]
[2018-06-23T16:06:19,457][INFO ][o.e.p.PluginsService ] [4a1fpVI] loaded module [x-pack-ml]
[2018-06-23T16:06:19,457][INFO ][o.e.p.PluginsService ] [4a1fpVI] loaded module [x-pack-monitoring]
[2018-06-23T16:06:19,457][INFO ][o.e.p.PluginsService ] [4a1fpVI] loaded module [x-pack-rollup]
[2018-06-23T16:06:19,458][INFO ][o.e.p.PluginsService ] [4a1fpVI] loaded module [x-pack-security]
[2018-06-23T16:06:19,458][INFO ][o.e.p.PluginsService ] [4a1fpVI] loaded module [x-pack-sql]
[2018-06-23T16:06:19,458][INFO ][o.e.p.PluginsService ] [4a1fpVI] loaded module [x-pack-upgrade]
[2018-06-23T16:06:19,458][INFO ][o.e.p.PluginsService ] [4a1fpVI] loaded module [x-pack-watcher]
[2018-06-23T16:06:19,458][INFO ][o.e.p.PluginsService ] [4a1fpVI] no plugins loaded
[2018-06-23T16:06:22,663][INFO ][o.e.x.s.a.s.FileRolesStore] [4a1fpVI] parsed [0] roles from file [/etc/elasticsearch/roles.yml]
[2018-06-23T16:06:23,359][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [controller/19514] [Main.cc@109] controller (64 bit): Version 6.3.0 (Build 0f0a34c67965d7) Copyright © 2018 Elasticsearch BV
[2018-06-23T16:06:23,741][DEBUG][o.e.a.ActionModule ] Using REST wrapper from plugin org.elasticsearch.xpack.security.Security
[2018-06-23T16:06:24,113][INFO ][o.e.d.DiscoveryModule ] [4a1fpVI] using discovery type [zen]
[2018-06-23T16:06:24,990][INFO ][o.e.n.Node ] [4a1fpVI] initialized
[2018-06-23T16:06:24,990][INFO ][o.e.n.Node ] [4a1fpVI] starting …
[2018-06-23T16:06:25,216][INFO ][o.e.t.TransportService ] [4a1fpVI] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300}
[2018-06-23T16:06:28,339][INFO ][o.e.c.s.MasterService ] [4a1fpVI] zen-disco-elected-as-master ([0] nodes joined)[, ], reason: new_master {4a1fpVI}{4a1fpVI_QlOp3pIco9Q8cQ}{Frc_bg8dQguH2tKtnWdh7A}{127.0.0.1}{127.0.0.1:9300}{ml.machine_memory=12598181888, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}
[2018-06-23T16:06:28,348][INFO ][o.e.c.s.ClusterApplierService] [4a1fpVI] new_master {4a1fpVI}{4a1fpVI_QlOp3pIco9Q8cQ}{Frc_bg8dQguH2tKtnWdh7A}{127.0.0.1}{127.0.0.1:9300}{ml.machine_memory=12598181888, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}, reason: apply cluster state (from master [master {4a1fpVI}{4a1fpVI_QlOp3pIco9Q8cQ}{Frc_bg8dQguH2tKtnWdh7A}{127.0.0.1}{127.0.0.1:9300}{ml.machine_memory=12598181888, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true} committed version [1] source [zen-disco-elected-as-master ([0] nodes joined)[, ]]])
[2018-06-23T16:06:28,377][INFO ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [4a1fpVI] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200}
[2018-06-23T16:06:28,378][INFO ][o.e.n.Node ] [4a1fpVI] started
[2018-06-23T16:06:28,480][WARN ][o.e.x.s.a.s.m.NativeRoleMappingStore] [4a1fpVI] Failed to clear cache for realms [[]]
[2018-06-23T16:06:28,551][INFO ][o.e.g.GatewayService ] [4a1fpVI] recovered [0] indices into cluster_state
[2018-06-23T16:06:28,820][INFO ][o.e.c.m.MetaDataIndexTemplateService] [4a1fpVI] adding template [.watch-history-7] for index patterns [.watcher-history-7*]
[2018-06-23T16:06:28,854][INFO ][o.e.c.m.MetaDataIndexTemplateService] [4a1fpVI] adding template [.triggered_watches] for index patterns [.triggered_watches*]
[2018-06-23T16:06:28,890][INFO ][o.e.c.m.MetaDataIndexTemplateService] [4a1fpVI] adding template [.watches] for index patterns [.watches*]
[2018-06-23T16:06:28,924][INFO ][o.e.c.m.MetaDataIndexTemplateService] [4a1fpVI] adding template [.monitoring-logstash] for index patterns [.monitoring-logstash-6-]
[2018-06-23T16:06:28,957][INFO ][o.e.c.m.MetaDataIndexTemplateService] [4a1fpVI] adding template [.monitoring-es] for index patterns [.monitoring-es-6-]
[2018-06-23T16:06:28,984][INFO ][o.e.c.m.MetaDataIndexTemplateService] [4a1fpVI] adding template [.monitoring-beats] for index patterns [.monitoring-beats-6-]
[2018-06-23T16:06:29,002][INFO ][o.e.c.m.MetaDataIndexTemplateService] [4a1fpVI] adding template [.monitoring-alerts] for index patterns [.monitoring-alerts-6]
[2018-06-23T16:06:29,023][INFO ][o.e.c.m.MetaDataIndexTemplateService] [4a1fpVI] adding template [.monitoring-kibana] for index patterns [.monitoring-kibana-6-]
[2018-06-23T16:06:29,061][INFO ][o.e.l.LicenseService ] [4a1fpVI] license [b6a5f498-16b1-4de7-807a-93add26cae41] mode [basic] - valid
[2018-06-23T16:59:32,711][INFO ][o.e.n.Node ] [4a1fpVI] stopping …
[2018-06-23T16:59:32,740][INFO ][o.e.x.w.WatcherService ] [4a1fpVI] stopping watch service, reason [shutdown initiated]
[2018-06-23T16:59:33,115][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [controller/19514] [Main.cc@148] Ml controller exiting
[2018-06-23T16:59:33,116][INFO ][o.e.x.m.j.p.NativeController] Native controller process has stopped - no new native processes can be started
[2018-06-23T16:59:33,130][INFO ][o.e.n.Node ] [4a1fpVI] stopped
[2018-06-23T16:59:33,131][INFO ][o.e.n.Node ] [4a1fpVI] closing …
[2018-06-23T16:59:33,141][INFO ][o.e.n.Node ] [4a1fpVI] closed

7

According to those logs, Elasticsearch stopped on June 23, 2018 on that node.

Maybe check the current Elasticsearch logs…

8

I also see the following notification when connect to the graylog server via web interface;
There is a node without any running inputs. (triggered 9 minutes ago)
There is a node without any running inputs. This means that you are not receiving any messages from this node at this point in time. This is most probably an indication of an error or misconfiguration. You can click here to solve this

9

Have you read the notification?

10

Hi again,
I created input but immediately after that I got the following message:
Deflector exists as an index and is not an alias. I have installed elasticsearch 6.x repo. Should I delete the Index prefix? where could I find it?

11

Graylog 2.x doesn’t support Elasticsearch 6.

http://docs.graylog.org/en/2.4/pages/installation.html#system-requirements
http://docs.graylog.org/en/2.4/pages/configuration/elasticsearch.html#elasticsearch-versions

12

Thanks for the supporting information!

13

I have changed the elasticsearch version to 5.X but still get the following notification:
Deflector exists as an index and is not an alias

14

Are you sure it’s not the old notification which you haven’t closed?

Also make sure to read http://docs.graylog.org/en/2.4/pages/faq.html#how-do-i-fix-the-deflector-exists-as-an-index-and-is-not-an-alias-error-message.

1 Like
15

Yes, It was the old one :slight_smile:

16

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.