Graylog indices

(sateesh) #1

Launched a new server for Graylog; I am not getting an option to create indices.

I am seeing an option as maintenance. What could be the issue?


(Jan Doberstein) #2

Please rephrase your question - it is not clear what you have done and what is not working as you expect it.

(sateesh) #3

Under System - Indices, I am not seeing an option here to create an index set.

I am not seeing the above option, Create Index.

I am seeing the option as maintenance.


(Jan Doberstein) #4

If elasticsearch is available Graylog will create the default indices without the need of user interaction.

So making Elasticsearch available and restarting Graylog will solve your issue.


(sateesh) #5

Now I am seeing the below error in the Graylog portal:
There are Elasticsearch nodes in the cluster that have a too low open file limit (current limit: 4096 on ip-x.x.x.x; should be at least 64000) This will be causing problems that can be hard to diagnose. Read how to raise the maximum number of open files in

Where is this option set?

(Jan Doberstein) #6

Will give you (for example) this link:

Fix your Elasticsearch issues and Graylog will be working.

(sateesh) #7

Hi, I am still not able to connect from Graylog to the Elasticsearch server.

[zen] [grayloga35d9d88-7ceb-481c-92e4-262812b7478f] failed to send join request to master [{Legion}{}{}{}], reason [RemoteTransportException[[Legion][][internal:discovery/zen/join]]; nested: ConnectTransportException[[grayloga35d9d88-77478f][] connect_timeout[30s]]; nested: NotSerializableExceptionWrapper[connect_exception: Connection refused: /]; ]

On the Graylog server, if I do telnet it is able to communicate; not sure what is causing the issue.

(Jan Doberstein) #8

What is your elasticsearch_host configuration in Graylog?

What is your elasticsearch configuration file content?

(sateesh) #9

elasticsearch_discovery_zen_ping_unicast_hosts =
Able to telnet from Graylog to Elasticsearch.

(sateesh) #10

In Graylog I can see the below error:

connect_timeout[30s]]; nested: NotSerializableExceptionWrapper[connect_exception: Connection refused: /]; ]
2018-06-25T11:03:54.083Z ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource
at$AsyncSingleAction$5.onTimeout( ~[graylog.jar:?]
at org.elasticsearch.cluster.ClusterStateObserver$ObserverClusterStateListener.onTimeout( ~[graylog.jar:?]
at org.elasticsearch.cluster.service.InternalClusterService$ ~[graylog.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker( [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$ [?:1.8.0_171]
at [?:1.8.0_171]

(Jan Doberstein) #11

What you gave me does not answer my two questions.

But what Graylog version do you have? And in addition, my two questions above are not yet answered.

(sateesh) #12

I am using Graylog version Graylog v2.1.

The Elasticsearch hostname I have defined as below:
elasticsearch_discovery_zen_ping_unicast_hosts =
elasticsearch_hosts = http://x.x.x.x:9300,
Able to telnet from Graylog to Elasticsearch.

(sateesh) #13

Basically the issue is not being able to connect from ES to Graylog on port 9350:
nested: ConnectTransportException[[grayloga35d9d88478f][] connect_timeout[30s]]; nested: NotSerializableExceptionWrapper[connect_exception: Connection refused: /];
tcp6 0 0 ::1:25 :::* LISTEN 977/master
tcp6 0 0 :::* LISTEN 29335/java
tcp6 0 0 ::1:9350 :::* LISTEN 29335/java
[root@ server]#

(sateesh) #14

The communication issue is resolved; able to communicate from Graylog to ES. Still not able to see an option under System -> Indices to create indices, and the default indices option is not showing.

(Jan Doberstein) #15

Depending on your ES configuration you might have chosen the wrong port for the communication.

Your Graylog version 2.1 does not contain the option to create different indices. This was introduced with 2.2.

You should really update to the latest release - which is 2.4.5 at the time of writing this.

(sateesh) #16

I have installed with 2.4, default index is not created and input GELF TCP is not starting the process.

(sateesh) #17

Could not retrieve index sets.
Fetching index sets list failed: Unable to read information for indices [graylog_*]

(Jan Doberstein) #18

If you update your Graylog, what is your configuration of Graylog (server.conf), what is your Elasticsearch configuration (elasticsearch.yml), and what version of Elasticsearch do you run?

(sateesh) #19

Graylog v2.3.2+3df951e, Elasticsearch version 5.
Any command to check config output?


You have problems with your IP addresses. Your snippets show that you use

  • (which is not a valid IPv4 address)
  • (which is a loopback device)
  • x.x.x.x (which you are not revealing)

You should select either the loopback interface or an eth interface and use it consistently.
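
Added example, not part of the thread and not Graylog or Elasticsearch code: a "Connection refused" from a remote node while local tests succeed is consistent with a listener bound only to loopback, like the `::1:9350` line in post #13. The script below classifies listeners from `netstat -tlnp`-style output; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify TCP listeners by bind address.
# sample_netstat is constructed data in `netstat -tlnp` layout; only the
# "::1:9350 ... 29335/java" row mirrors a line quoted in the thread.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN 812/sshd
tcp        0      0 127.0.0.1:9200  0.0.0.0:*       LISTEN 1400/java
tcp6       0      0 ::1:25          :::*            LISTEN 977/master
tcp6       0      0 ::1:9350        :::*            LISTEN 29335/java
tcp6       0      0 :::9000         :::*            LISTEN 29335/java
EOF
}

# Print "port program" for every listener bound only to a loopback address
# (127.0.0.0/8 or ::1). Other hosts cannot connect to these sockets.
loopback_only_listeners() {
    awk '$6 == "LISTEN" {
        n = match($4, /:[0-9]+$/)          # position of the final ":port"
        if (n == 0) next
        host = substr($4, 1, n - 1)
        if (host == "::1" || host ~ /^127\./) print substr($4, n + 1), $7
    }'
}

# Classify one port: "loopback-only", "non-loopback" or "not-listening".
# A port with at least one non-loopback bind counts as non-loopback.
port_scope() {
    awk -v want="$1" '$6 == "LISTEN" {
        n = match($4, /:[0-9]+$/)
        if (n == 0 || substr($4, n + 1) != want) next
        host = substr($4, 1, n - 1)
        if (host == "::1" || host ~ /^127\./) lo = 1; else ext = 1
    }
    END { print (ext ? "non-loopback" : (lo ? "loopback-only" : "not-listening")) }'
}

# Stand-alone run on the constructed sample; on a real host use:
#   netstat -tlnp | loopback_only_listeners
sample_netstat | loopback_only_listeners
```

"non-loopback" only describes the bind address; a host firewall or security group can still block the port.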