Graylog Nginx Load Balancer Conf

Graylog Version = graylog:2.3.0
Mongo Version = mongo:3.6
Elasticsearch Version = elasticsearch:6.6.1

  • We created the above graylog production setup. Elasticsearch and Graylog clusters are working fine.

  • If we push any logs to individual graylog server then it’s receiving well.

  • The problem we are facing in the nginx conf. We are trying to send logs through nginx load balancer. Our configuration is given below.

upstream graylog_server {
server fail_timeout=30s;
server fail_timeout=30s;
server fail_timeout=30s;

server {
listen *:80;
client_max_body_size 0;
keepalive_timeout 5;

access_log /usr/local/openresty/nginx/tmp/logs/access-$host.log combined;
error_log /usr/local/openresty/nginx/tmp/logs/access-error-graylog.log;

location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;

if (!-f $request_filename) {
    proxy_pass http://graylog_server;


Graylog 2.x doesn’t support Elasticsearch 6.x.

Please refer to the system requirements listed in the documentation:

The documentation is not explicitly mentioning that 2.3 graylog will not support elastic 6.6 version. The setup is working for us. The question is how to setup the nginx as a load balancer which can redirect our application sending logs over UDP port via Nginx. Has anyone done such a setup? Or should we use a different loadbalancer?

Yes, because Elasticsearch 6.x wasn’t released when Graylog 2.3.x was released. :wink:

It’s explicitly mentioned in the system requirements of Graylog 2.4.x (which is the latest stable version of Graylog which you should use for a new setup).

For UDP forward put this outside the http {} config section

    tcp_nodelay on;
    upstream graylog_2010 {
        server SERVER1:2010;
        server SERVER2:2010;

    server {
#TCP if you need
        listen 2010;
        proxy_pass graylog_2010;

    server {
        listen 2010 udp;
        proxy_pass graylog_2010;
#do not wait for response
        proxy_responses 0;


Nginx throws an error!

invalid parameter “udp”

where do you put the stream{} section?

If you share your config maybe someone will see the error…

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.