Graylog couldn't execute search

Graylog Central (peer support)
1

Hi all,

Suddenly this happened to my Graylog. When I open the Web interface I am getting -

Error Message:
Unable to perform search query.
Details:
Search status code:
500
Search response:
cannot GET https://10.50.10.10:443/api/search/universal/relative?query=gl2_source_input%3A5992e8e41bcc9403b6eb20be&range=0&limit=150&sort=timestamp%3Adesc (500)

_and this is my current show-config result _

Starting Chef Client, version 12.6.0
Compiling Cookbooks…
{
_ “graylog”: {_
_ “bootstrap”: {_
_ “bootstrapped”: false_
_ },_
_ “etcd”: {_
_ “enabled”: true_
_ },_
_ “nginx”: {_
_ “enabled”: true_
_ },_
_ “mongodb”: {_
_ “enabled”: true_
_ },_
_ “elasticsearch”: {_
_ “enabled”: false_
_ },_
_ “graylog-server”: null_
_ }_
}
Converging 0 resources

can anyone help me to fix this?

2

What’s in the logs of your Graylog and Elasticsearch nodes?
http://docs.graylog.org/en/2.3/pages/configuration/file_location.html#omnibus-package

4

Please provide the complete logs, not just arbitrary snippets.

6

These are the logs of Elasticsearch. What about the logs of Graylog?

8

Really?

Please post the complete logs.

10

it’s about 8000 lines! would you really like to have all of them?

11

I think my elasticsearch is not working! when I try to curl -XGET ‘localhost:9200’ I get : curl: (7) Failed to connect to localhost port 9200: Connection refused!

12

Yes, that’s expected since the Elasticsearch service is disabled (see your first post).

13

No, I’d like to have only the relevant pieces. But since neither you nor I know which parts are relevant, post everything (within a sensible range - I don’t care about logs from last week).

15

Please use proper formatting for your post next time you want to share a large text snippet.
http://commonmark.org/help/

Example:

```
Text
```
16

How exactly did you configure the OVA?
Do you want Elasticsearch to run on another machine?
Is that machine accessible?

17

I just import the OVA file into my VM cluster. No I want to have elastic on same machine.
It was working until today about 13:00 o’clock.
No it is not accessible!

18

Try running the following command to reenable all services (including Elasticsearch):

sudo graylog-ctl enable-all-services
19

I did try this solution before before but no result!

20

What’s the content of /etc/graylog/graylog-services.json inside the virtual machine?

21

It looks good.

{
“etcd”: {
“enabled”: true
},
“nginx”: {
“enabled”: true
},
“mongodb”: {
“enabled”: true
},
“elasticsearch”: {
“enabled”: true
},
“graylog_server”: {
“enabled”: true
}
}

22

i think it’s going to be okay because my node ist trying to process 1,999,396 unprocessed messages. and after that should work again.

23

Somehow my Server is working like a charm! :grinning:

24

What I learned from this issue:

When Journal utilization is too high Live search result won’t work.

my solution: to make it funktionale have to stop inputs and let the Graylog to process the unprocessed messages.
After all messages are processed the search would work again.:star_struck: