Hi,
I think this is a easy solution im just stumped as to how.
So i noticed i was running a old version of elasticsearch in my docker-compose file. so i decided to change it to the newst version mentioned in the graylog documentation. When i did that my index got blocked with the following error:
Blockquote
blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];
graylog_1 | at org.graylog2.indexer.cluster.jest.JestUtils.specificException(JestUtils.java:110) ~[graylog.jar:?]
graylog_1 | at org.graylog2.indexer.cluster.jest.JestUtils.execute(JestUtils.java:60) ~[graylog.jar:?]
graylog_1 | at org.graylog2.indexer.cluster.jest.JestUtils.execute(JestUtils.java:65) ~[graylog.jar:?]
graylog_1 | at org.graylog2.indexer.indices.Indices.cycleAlias(Indices.java:655) ~[graylog.jar:?]
graylog_1 | at org.graylog2.indexer.MongoIndexSet.pointTo(MongoIndexSet.java:357) ~[graylog.jar:?]
graylog_1 | at org.graylog2.periodical.IndexRotationThread.checkAndRepair(IndexRotationThread.java:166) ~[graylog.jar:?]
graylog_1 | at org.graylog2.periodical.IndexRotationThread.lambda$doRun$0(IndexRotationThread.java:76) ~[graylog.jar:?]
graylog_1 | at java.lang.Iterable.forEach(Iterable.java:75) [?:1.8.0_252]
graylog_1 | at org.graylog2.periodical.IndexRotationThread.doRun(IndexRotationThread.java:73) [graylog.jar:?]
graylog_1 | at org.graylog2.plugin.periodical.Periodical.run(Periodical.java:77) [graylog.jar:?]
graylog_1 | at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_252]
graylog_1 | at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [?:1.8.0_252]
graylog_1 | at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_252]
graylog_1 | at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [?:1.8.0_252]
graylog_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_252]
graylog_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_252]
graylog_1 | at java.lang.Thread.run(Thread.java:748) [?:1.8.0_252]
I think it just need to set something somewhere so my index is not blocked anymore. but i can’t find how to do it?
But i can’t find how to implement this with a graylog solution?
Like with Kibana i can run script code from the web interface, but how am i suppose to do it with graylog. The solution escapes me
ok so i got a little further now… people are proberly thinking by now “if we just let this guy hanging he will figure it out on his own” but i really would like to have this solved quickly
I tried changing them to 0.0.0.0 and the local ip of the docker server and even dns name. all failed.
I think its the right settings im tampering with i just don’t understand what to put in them in order to get my api adress to not use docker brodcast ip but the “right” one.
@jan
Thanks for answering. I how been scovering the net since this was also my conclution, i thought the API i found was for everything… apparently only graylog.
I have foudn the put command i need to fire against the elasticsearch but i can’t find how to do it.
can you perhaps help me with this? i know its not a graylog issue but instead of me having to create a account at elaticsearch forum and wait for response i was hopeing you would get going faster?
you should first find the reason for the read only status of elasticsearch. most likely you have not enough disk space available so elasticsearch switched into the high watermark state. But the elasticsearch log should tell you that.
After the reason is solved you can fire the curl command agains the elasticsearch api - in your case you need to open the port via docker compose or jump into a shell inside the container OR add a cerebro container and perform the action with cerebro.