Hello, I’m trying to get Graylog to work on my AWS Docker container like I have for ElasticSearch & Mongo. Everything I’ve seen seems to be Ubuntu or some other OS. I figured they would be similar but as semi-suspected it isn’t.
Any help would be greatly appreciated.
Thank you!
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
93e8c9e732fe elasticsearch:8.7.1 "/bin/tini -- /usr/l…" About an hour ago Up About an hour 9200/tcp, 9300/tcp amazing_wozniak
c41ca9711ed1 mongo "docker-entrypoint.s…" About an hour ago Up About an hour 27017/tcp magical_jennings
At first it wouldn’t let me post a response due to a new user having more than 2 links. Links in my compose file I pasted. So I put XXXX or LINKS in areas to get past that error. It took my updates finally, but then the post I see was basically what I saved initially. I gotta post more often to understand how this works. Ugh!
First, I hope you don’t mind but I fixed your configuration post so it’s readable.
I found some configurations that don’t seem right; I could be wrong though. The networks you have - graylog. I also tried that, it does seem to work well. I use depends_on:. With network I used network_mode: bridge. Elasticsearch 8.1, you might have an issue with Graylog-5.1. Most of the configuration does seem to be correct.
NOTE: Here is mine, perhaps this may help out. It’s a little older than yours but the configurations should work, just need to add your own specs to the file (i.e., IP, image, etc…)
Hello gsmith,
I appreciate you replying and providing the fixed compose file to be readable. I tried your file as is besides changing the IP address for things that didn’t pertain to my AWS instance Graylog/ElasticSearch/Mongo setup.
Your comment was that I would have issues possibly with ElasticSearch 8.7.1 to Graylog? When I do a docker ps, I see the following running but not Graylog. This is my issue at the moment. Why won’t it load/install/run any Graylog? Is it because you are saying newer version of ElasticSearch with older Graylog? I was trying 5.1.
I took out the DNS, email etc.
Here is the update I did to your suggested compose file.
Since I’ve installed & run ElasticSearch:8.1.7 & Mongodb 6.0.6,
docker ps I see them running but not anything for Graylog.
[root@i-03cd299b485ee ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
42772916765d elasticsearch:8.7.1 "/bin/tini -- /usr/l…" 24 seconds ago Up 24 seconds 9200/tcp, 9300/tcp festive_jepsen
42fd680abd1f mongo "docker-entrypoint.s…" About a minute ago Up About a minute 27017/tcp naughty_shannon
[root@i-03cd299b485ee ~]#
I was told I don’t even need to install Graylog, as the compose file was supposed to do that. I am new and I don’t get this as you can tell.
I just figure it is better to do a “docker pull graylog” whatever version, install, run etc. Then when I do a docker ps, I should see all three containers running.
No such luck!
Thank you in advance for your support.
Graylog 5.x.x is using OpenSearch 1.3 and above. You can still use Elasticsearch but it’s preferred to start with OpenSearch. I’m assuming later versions of Graylog will not be compatible with Elasticsearch.
Not installing Graylog, that would be incorrect. You can use environment variables and/or a configuration file, depending on what you want to do. The easiest way is to just use a docker-compose file.
Yes, you can run docker-compose logs; this should tell you what the issue is.
EDIT: The easiest way to find out why the Graylog container doesn’t start is looking through the logs: root # docker logs -f
Hi gsmith,
Progress made by being able to log into Graylog server, but now I’m encountering no “Show messages” for the 1 and only SideCar I have configured to send logs to Graylog Server. To top it off to more issues when I didn’t even touch the system after leaving work yesterday stuck at not seeing my “Show messages”.
Today’s new problems: Collectors status
filebeat: Couldn’t execute collector /usr/share/filebeat/bin/filebeat, binary path is not included in `collector_binaries_accesslist' config option.
SideCar_PB10, was running just fine, not “Failing” UGH!!!
Thank you gsmith et al for your responses! Got things back from last standpoint with more green status with the exception of a couple such as ElasticSearch Cluster being yellow.
Indices & Sidecar are both green & running again.
Still trying to solve the big hurdle of why no messages are showing up when I select “Sidecars Overview” show messages and all I get is the “Days listed”.
Need to solve making this configuration persistent from my AWS Environment. Power down AWS Instance or do a “docker-compose down” then “docker-compose up -d” and have to reconfigure everything each time I need to bring down the server or perform commands above.
Thank you in advance!