Graylog isn't working after upgrade

(Crisley Linhares) #1

Today we updated our version of Graylog to 2.3. However, she stopped receiving messages. When I try to perform a search, the following message is displayed:

"Error Message:
Unable to perform search query.
Search status code:
Search response:
Can not GET*&range=300&limit=150&sort=timestamp%3Adesc (500)

According to the graylog-server log, the message:

“ERROR [Cluster] could not read cluster health for indices [graylog_ *] (could not connect to”

Followed by several errors. I noticed that it tries to connect to the elasticsearch cluster through localhost, however the cluster is available on another server and through our tests it is available. The graylog-server and elasticsearch configuration files are apparently normal. I would like help solving this problem since Graylog stopped working at our institution.

(João Ciocca) #2

I’m struggling with the same problem, it seems… sorry I couldn’t help =(

(Crisley Linhares) #3

Somebody with the same problem that could help me, please? :frowning:

(João Ciocca) #4

so, my initial problem was server.conf using elasticsearch native port instead of http port. You checked that?
Take a look at the details I’ve posted and see if anything resonates…


Unfortunately I’ve been hitting the same problem, on my dockerized instance. When running the v2.2.3-1, all is good. When upgrading to v2.3.1-1, the container does not get past the mentioned logged error:

“ERROR [Cluster] could not read cluster health for indices [graylog_ *] (could not connect to”

Not sure how to proceed either…(sticking to v2.2 for now).

(Nimol) #6

What’s the content of /etc/graylog/graylog-services.json inside the your machine?

if like this
“etcd”: {
“enabled”: true
“nginx”: {
“enabled”: true
“mongodb”: {
“enabled”: true
“elasticsearch”: {
“enabled”: true
“graylog_server”: {
“enabled”: true
then is fine just input

sudo graylog-ctl enable-all-services

(Jochen) #7

Please read the upgrade notes for Graylog 2.3.x:

(system) closed #8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.