Graylog 2.x does not work with Elasticsearch 5.x!


(Ernest G Wilson Ii) #1

Graylog 2.x does not work with Elasticsearch 5.x!
As clearly noted here:
REF: http://docs.graylog.org/en/2.2/pages/configuration/elasticsearch.html

Is this on the radar to be a supported configuration?
Elasticsearch 5.x

Results:

2017-02-19T12:21:26.738Z WARN [IndexerSetupService] Could not connect to Elasticsearch
2017-02-19T12:21:26.738Z INFO [IndexerSetupService] If you're using multicast, check that it is working in your network and that Elasticsearch is accessible. Also check that the cluster name setting is correct.
2017-02-19T12:21:26.739Z INFO [IndexerSetupService] See http://docs.graylog.org/en/2.2/pages/configuration/elasticsearch.html for details.
2017-02-19T12:27:18.077Z INFO [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2017-02-19T12:27:18.795Z WARN [V20161130141500_DefaultStreamRecalcIndexRanges] Interrupted or timed out waiting for Elasticsearch cluster, checking again.
2017-02-19T12:27:48.081Z INFO [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.

(Jochen) #2

Hi Ernest,

as @jan already wrote in https://github.com/Graylog2/graylog2-server/issues/3520, Graylog 2.x will not support Elasticsearch 5.x.

This is something we want to tackle in Graylog 3.0.x or later.

Cheers,
Jochen


(Ernest G Wilson Ii) #3

It looks like there is some awesome movement here! Nice!

Can you shed any light if this will be compatible with X-Pack?
Specifically: Will Graylog work with “Security” in Elasticsearch 5x (aka Shield)?

Thank you!


(Jochen) #4

Yes, it will work with Shield.