GELF HTTP send address

Hello, New to Graylog :slight_smile: :slight_smile:

Trying to send GELF HTTP using CURL over port 5555.

Set up:
Graylog server is installed on
Local machine (source of message):

Tried creating an input but it wont accept port 9000 so I changed it to port 5555.

Documentation says to use http://graylog/[port number]/gelf.

I am not sure where to get the url (other than the destination ip address) and I cant send over port 9000. Any help is appreciated.


You probably misunderstand how to create proper Input:

  1. Every Input should use it’s own port
  2. Don’t try to use port 9000 for input, as it’s a port, where listen graylog web interface
  3. GELF HTTP Input need own port, by default it is 12201
  4. Proper URL for GELF HTTP is or you can also use IP
  5. Check that your firewall don’t block your PORT used in GELF HTTP Input from local machine to graylog server

I think, documentation is clear, how to use curl:


I tried the sending messages using curl as said in the instructions and I get the following:

I then checked the status of elastic search and got the following:

Any help?

Your Elastic Search database crashed, so check elastic log file to find the reason. Due to crashed elastic db, graylog couldn’t show anything and return error 500.


when I opened the log file using nano, here is what I found. I am new to this so dont really wanna mess up anything. Any ideas on the best way to fix this?

I just scrolled down to the very end of the file.


I also gathered from one of the forums that the JAVA_HOME path might not be set correctly. When I try to access the configuration file at etc/default/elasticsearch , I get a “Permission Denied” error.

Not sure how to go about it…

How did you install Graylog on your device?
Could you give us a little more info about your environment?

Hi @judel5,
did use follow official documentation to install Elastic Search? Because I see in your log file that x-pack modules were loaded, which can cause problems with graylog. Graylog recommend to install OSS version of elastic search packages (elasticsearch-oss) without x-pack extentions:

Check your installed version:
dpkg -l |grep -i elastic


The device is a dell desktop with intel core i5. I believe it is about 250GB and 4GB ram. The OS is Ubuntu 19.04.


Thanks. So at this point does it make sense to reinstall or is there a fix that I can apply? I’lll check the exact version when I get home later today.



This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.