Error searching logs

Hi all.

I’m trying to set up a graylog instance where the graylog server is accessed using a Virtual IP, but I’m having issues configuring graylog-server. The server starts; however, searching does not yield any results. Accessing elasticsearch directly, I can see there are logs and incoming logs get indexed. There are no errors on graylog-server, elasticsearch, etc.

I’ve this configuration on the graylog:

    # Address 198.* is not visible from outside
    rest_listen_uri = http://198.18.132.62:9000/api/
    # This is the VIP, accessible from outside.
    rest_transport_uri = http://10.113.131.226:9000/api/
    web_listen_uri = http://198.18.132.62:9000/

I’m using graylog 2.3.1 in a single instance.

If I try to search “all messages” I can see a JavaScript error in the browser:

    Unhandled rejection _determineSearchDuration@http://10.113.131.226:9000/assets/53.60cabbd99c29123b58da.js:1:3315
    _determineHistogramResolution@http://10.113.131.226:9000/assets/53.60cabbd99c29123b58da.js:1:3522
    ...

There’s also another error in the network view of the browser:

    GET XHR http://netwin-manager.c.ptin.corppt.com:9000/api/plugins/org.graylog.plugins.usagestatistics/opt-out -> 404 Not found

Any idea how to solve this? I’ve spent a few hours trying to figure out the configuration problem without any success.

Thanks,
Rui

Try replacing rest_transport_uri with web_endpoint_uri in your configuration file and use the default for rest_transport_uri.

Hi jochen,
thanks for your answer. I’ve done the changes as you suggested, i.e.:

    rest_listen_uri = http://198.18.132.62:9000/api/
    web_listen_uri = http://198.18.132.62:9000/
    web_endpoint_uri = http://10.113.131.226:9000/api/

However, the problem remains the same. I think someone had this same problem and reported it here (https://github.com/Graylog2/graylog2-server/issues/4081). However, I cannot understand how elasticsearch can be the cause. Like I said, logs get indexed. (I’m using ES 2.4.5)

Good morning.
It’s now working after reinstalling elasticsearch. :confused: Before reinstalling elasticsearch I just renamed the elasticsearch data directory and restarted with an empty ES. No luck!

I removed elasticsearch and reinstalled it (with an empty data directory), and things started to work! I have no idea what happened! :-/
