After a more or less successful upgrade to Graylog 4.1 and Elasticsearch 7.14 we are seeing a lot of the following errors in the Graylog server log:
ERROR [PivotAggregationSearch] Aggregation search query returned an error: Elasticsearch exception [type=illegal_argument_exception, reason=maxSize must be >= 0 and < 2147483631; got: 2147483647]
There are no corresponding errors in the Elasticsearch log.
Does anyone know what the source of these errors is and how to fix them?
We (… OK, I…) accidentally upgraded Elasticsearch to 7.14 and I am seeing those errors in my Graylog log as well. I also see that my index registers as having been created 52 years ago (punch cards, I am sure!). From what I can tell so far this results in widgets on dashboards failing to load properly on occasion - usually a single refresh will fix that. Had I been a bit more astute I would have caught that we shouldn’t upgrade Elastic when doing a general Ubuntu upgrade … and I would have put a hold on Elastic to 7.10.
I was considering adding a 7.10 version to the cluster, then dropping/rebuilding the 7.14 machines but I am not sure it is possible - Elastic cluster may choke on versioning or data may get lost/corrupted. Still… it would be a good exercise to go through, though…
Let me know how adding a 7.10 node works out for you. As I totally hosed three months’ worth of data when I upgraded from 5.6->6.8->7.14 I may just start from scratch, but if there was a smoother way to get a supported release that would be great. As it is things seem to be working for the most part aside from those errors—the stuff I care about—streams, alerts, plugin configurations all seem functional. If 7.14 is on the road map I’m willing to live with the errors for a while.
Tom
Same problem here, everything was working fine until I added a third Graylog node to complete my cluster,
now I get a lot of “ERROR [PivotAggregationSearch]” in my logs, resulting in a non-working aggregation, so now all my alerts with aggregation results won’t work anymore…
Is there a way to fix this please?