Graylog now says elasticsearch version is unsupported?

https://docs.graylog.org/docs/operating-system-packages

2022-10-12T16:31:19.874-07:00 ERROR [IndexRotationThread] Couldn't point deflector to a new index
org.graylog2.indexer.ElasticsearchException: Unsupported Elasticsearch version: 7.10.2

But your doc says it must be below 7.11???
https://docs.graylog.org/docs/centos

That doesn’t seem right - can you give a little more context about your system (versions of things) and where this message popped up?

Hello @jerryroy1 And Welcome.

From my understanding in this section

What I get from that statement is "Do not install Elasticsearch 7.11 or higher".

This normally refers to your Elasticsearch, which could be in READ mode or not operating correctly.

As @tmacgbay stated we need more info to help.

I get this message when trying to post - “Sorry, new users can only put 2 links in a post.” so I have removed https: on all URLs and that didn’t work, then I finally just removed all the URLs I could find.

Hey There, thanks for the response. So I am following the doc as mentioned (previous link)

And I create the repo file as it states

[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl= 
gpgcheck=1
gpgkey= 
enabled=1
autorefresh=1
type=rpm-md

But when I run the “sudo yum install elasticsearch-oss” I get “No package elasticsearch-oss available.” (See below)

[root@graylog ~]# sudo yum install elasticsearch-oss
Loaded plugins: fastestmirror
Repository rsyslog_v8_daily is listed more than once in the configuration
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 22 kB 00:00:00
 * base:
 * centosplus:
 * epel:
 * extras:
 * updates:
base | 3.6 kB 00:00:00
centosplus | 2.9 kB 00:00:00
elasticsearch-6.x | 1.3 kB 00:00:00
Not using downloaded elasticsearch-6.x/repomd.xml because it is older than what we have:
Current : Thu Jan 6 19:04:58 2022
Downloaded: Thu Jan 6 18:39:20 2022
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
graylog | 2.9 kB 00:00:00
mongodb-org-4.0 | 2.5 kB 00:00:00
rsyslog_v8_daily | 3.0 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/3): epel/x86_64/updateinfo | 1.0 MB 00:00:00
(2/3): rsyslog_v8_daily/x86_64/primary_db | 1.7 MB 00:00:00
(3/3): epel/x86_64/primary_db | 7.0 MB 00:00:01
No package elasticsearch-oss available.

So I went into the elasticsearch archives and got the 7.10.2 rpm and installed it because the docs say must be below 7.11

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.2-x86_64.rpm
rpm -ivh elasticsearch-7.10.2-x86_64.rpm

Then it had permissions problems (right after it created folders etc???). I decided to just chmod 777 on the elasticsearch node directory and finally the service would start.

Here is the message in graylog-server/server.log

2022-10-13T12:14:20.970-07:00 WARN  [IndexFieldTypePollerPeriodical] Active write index for index set "Default index set" (633fa8a88156f45e03bb903d) doesn't exist yet
2022-10-13T12:14:25.971-07:00 WARN  [IndexFieldTypePollerPeriodical] Active write index for index set "Default index set" (633fa8a88156f45e03bb903d) doesn't exist yet
2022-10-13T12:14:29.845-07:00 INFO  [MongoIndexSet] Did not find a deflector alias. Setting one up now.
2022-10-13T12:14:29.846-07:00 INFO  [MongoIndexSet] There is no index target to point to. Creating one now.
2022-10-13T12:14:29.848-07:00 INFO  [MongoIndexSet] Cycling from <none> to <graylog_0>.
2022-10-13T12:14:29.848-07:00 INFO  [MongoIndexSet] Creating target index <graylog_0>.
2022-10-13T12:14:29.849-07:00 ERROR [IndexRotationThread] Couldn't point deflector to a new index
org.graylog2.indexer.ElasticsearchException: Unsupported Elasticsearch version: 7.10.2
        at org.graylog2.indexer.IndexMappingFactory.createIndexMapping(IndexMappingFactory.java:41) ~[graylog.jar:?]
        at org.graylog2.indexer.indices.Indices.ensureIndexTemplate(Indices.java:363) ~[graylog.jar:?]
        at org.graylog2.indexer.indices.Indices.create(Indices.java:411) ~[graylog.jar:?]
        at org.graylog2.indexer.indices.Indices.create(Indices.java:397) ~[graylog.jar:?]
        at org.graylog2.indexer.MongoIndexSet.cycle(MongoIndexSet.java:293) ~[graylog.jar:?]
        at org.graylog2.indexer.MongoIndexSet.setUp(MongoIndexSet.java:261) ~[graylog.jar:?]
        at org.graylog2.periodical.IndexRotationThread.checkAndRepair(IndexRotationThread.java:138) ~[graylog.jar:?]
        at org.graylog2.periodical.IndexRotationThread.lambda$doRun$0(IndexRotationThread.java:76) ~[graylog.jar:?]
        at java.lang.Iterable.forEach(Iterable.java:75) [?:1.8.0_345]
        at org.graylog2.periodical.IndexRotationThread.doRun(IndexRotationThread.java:73) [graylog.jar:?]
        at org.graylog2.plugin.periodical.Periodical.run(Periodical.java:77) [graylog.jar:?]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_345]
        at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [?:1.8.0_345]
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_345]
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [?:1.8.0_345]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_345]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_345]
        at java.lang.Thread.run(Thread.java:750) [?:1.8.0_345]

How would I adjust the mode? Sorry, consider me a newbie, I am reacquainting myself with Linux.

Check out this post.

hey
So I installed Elasticsearch-oss on a lab server real quick to check out the documentation.

1007  rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
1008  vi /etc/yum.repos.d/elasticsearch.repo
1009  vi /etc/yum.repos.d/elasticsearch.repo
1010  yum update
1011  vi /etc/yum.repos.d/elasticsearch.repo
1012  clear
1013  yum update
1014  clear
1015  sudo yum install elasticsearch-oss
1016  sudo systemctl daemon-reload
1017  sudo systemctl enable elasticsearch.service
1018  sudo systemctl start elasticsearch.service
1019  sudo systemctl status elasticsearch.service
1020  clear
1021   curl -XGET http://127.0.0.1:9200/_cluster/health?pretty
1022  clear
1023  history
[root@nextcloud-web1 ~]#

It should look like this. Make sure your Elasticsearch is running before Graylog Server. Also ensure it states “Green” in the output as shown below.

[root@nextcloud-web1 ~]#  curl -XGET http://127.0.0.1:9200/_cluster/health?pretty
{
  "cluster_name" : "elasticsearch",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 0,
  "active_shards" : 0,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
[root@nextcloud-web1 ~]#

Let’s try this again. Two URL again

Out of curiosity is this a new install?

Yes, brand new install. I previously tried ELK but what a mess. Different install scenarios and finally I uninstalled all and went with Graylog. Same issues there with elasticsearch. The installed required about not being 6.2.4 and the repo kept installing version 7

With a new install you should definitely be installing OpenSearch. The process is not well documented, unfortunately, but Graylog is EOL with Elasticsearch because of licensing and compatibility issues.

Hello @jerryroy1

I have to agree with @tmacgbay: if this is a new install I would go with OpenSearch using YUM. But to be honest it seems you’re having a tough time with Elasticsearch; I’m not sure if it is the installation or the configuration that’s being executed. To brief you on both ELK and Graylog:
In the ELK stack, Elasticsearch is in the center of that type of environment: your configuration, etc…
Graylog basically controls the environment through the GUI, creating the indices, etc…
So the moral of the story with Graylog is: set up Elasticsearch/OpenSearch and have it running "Green", then configure MongoDB and also have it running (i.e. default settings will work).
Once those two services are good, tie everything together with Graylog in the graylog.conf file.
When starting Graylog up, tail -f the log files.

NOTE: since this is Graylog 4.3 I think you’re installing, I would definitely use OpenSearch 1.3; perhaps that might be the issue.

I have decided to go with OpenSearch. Let’s see how it goes :blush:

Hey Folks,

Any idea what could be the cause? Elastic search will not start!

[root@graylog ~]# sudo systemctl restart elasticsearch.service
Job for elasticsearch.service failed because the control process exited with error code. See "systemctl status elasticsearch.service" and "journalctl -xe" for details.
[root@graylog ~]#
[root@graylog ~]# systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2022-10-24 11:17:13 PDT; 47s ago
Docs: https://www.elastic.co
Process: 93031 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 93031 (code=exited, status=1/FAILURE)
Oct 24 11:17:13 graylog systemd-entrypoint[93031]: at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
Oct 24 11:17:13 graylog systemd-entrypoint[93031]: at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127)
Oct 24 11:17:13 graylog systemd-entrypoint[93031]: at org.elasticsearch.cli.Command.main(Command.java:90)
Oct 24 11:17:13 graylog systemd-entrypoint[93031]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126)
Oct 24 11:17:13 graylog systemd-entrypoint[93031]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92)
Oct 24 11:17:13 graylog systemd-entrypoint[93031]: For complete error details, refer to the log at /var/log/elasticsearch/graylog.log
Oct 24 11:17:13 graylog systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
Oct 24 11:17:13 graylog systemd[1]: Failed to start Elasticsearch.
Oct 24 11:17:13 graylog systemd[1]: Unit elasticsearch.service entered failed state.
Oct 24 11:17:13 graylog systemd[1]: elasticsearch.service failed.
[root@graylog ~]#

[root@graylog ~]# journalctl -xe
-- Unit elasticsearch.service has begun starting up.
Oct 24 11:14:21 graylog nslcd[1013]: [c714fc] <group/member="elasticsearch"> no available LDAP server found: Server is unavailable: Resource temporarily unavailable
Oct 24 11:14:21 graylog nslcd[1013]: [c714fc] <group/member="elasticsearch"> no available LDAP server found: Server is unavailable: Resource temporarily unavailable
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: uncaught exception in thread [main]
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: ElasticsearchException[failed to bind service]; nested: IOException[failed to test writes in data directory [/var/lib/elasticsearch/nodes/
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: Likely root cause: java.nio.file.AccessDeniedException: /var/lib/elasticsearch/nodes/0/indices/L3DSLNc4SqSOYvlaiSPdjA/_state/.es_temp_file
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:218)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at java.base/java.nio.file.Files.newByteChannel(Files.java:375)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at java.base/java.nio.file.Files.createFile(Files.java:652)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at org.elasticsearch.env.NodeEnvironment.tryWriteTempFile(NodeEnvironment.java:1255)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at org.elasticsearch.env.NodeEnvironment.assertCanWrite(NodeEnvironment.java:1226)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at org.elasticsearch.env.NodeEnvironment.(NodeEnvironment.java:316)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at org.elasticsearch.node.Node.(Node.java:362)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at org.elasticsearch.node.Node.(Node.java:289)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:227)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:227)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at org.elasticsearch.cli.Command.main(Command.java:90)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92)
Oct 24 11:14:25 graylog systemd-entrypoint[92649]: For complete error details, refer to the log at /var/log/elasticsearch/graylog.log
Oct 24 11:14:25 graylog systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
Oct 24 11:14:25 graylog systemd[1]: Failed to start Elasticsearch.
-- Subject: Unit elasticsearch.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

The only way I was able to get elasticsearch to start was to chmod -R 777 /var/lib/elasticsearch/nodes/ directories.

Very Odd. Why wouldn’t these be set correctly when it was installed?

Hello,

Yeah that’s not good for production, I never had to set permissions to the "World". Seems like you have something funky going on when this was installed.

That would be your instance,

I just installed Elasticsearch and OpenSearch on RH 8 and Ubuntu 20 & 22 and didn’t have an issue like that.

I looked over your logs and not sure what’s going on here.

no available LDAP server found: Server is unavailable: Resource temporarily unavailable

Instead of setting chmod 777 I would have set that directory so Elasticsearch would own it.

chown elasticsearch:elasticsearch -R  /var/lib/elasticsearch/nodes/

ElasticsearchException[failed to bind service]; nested: IOException[failed to test writes in data directory [/var/lib/elasticsearch/nodes/

Chances are that directory was set when the user installed ES, hence why…

ElasticsearchException[failed to bind service]

It did not own that directory, so when you set the directory for everyone it was able to use it. If you tried that already, I’m not sure; like I said above, you have something funky going on with that instance, not sure what.

2 Likes
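
The ownership fix suggested above, as an added example that is not part of the original posts: a shell audit that lists entries under the data directory which the service account does not own, or which `chmod -R 777` left world-writable, followed by the narrow repair. The function names and the "no access for others" policy are assumptions; the path and the `elasticsearch` account name are taken from the thread.

```shell
#!/bin/sh
# Added example: audit an Elasticsearch data directory after a "chmod -R 777"
# workaround. Function names and the "no access for others" policy are assumptions.

# Print every entry under DIR ($1) that OWNER ($2, name or numeric uid) does not own.
list_wrong_owner() {
    find "$1" ! -user "$2" -print
}

# Print every non-symlink entry under DIR ($1) that is world-writable.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Report both findings; return 0 when clean, 1 when something needs fixing.
audit_data_dir() {
    dir=$1
    owner=$2
    status=0
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    bad_owner=$(list_wrong_owner "$dir" "$owner")
    bad_mode=$(list_world_writable "$dir")
    if [ -n "$bad_owner" ]; then
        echo "not owned by $owner:"; echo "$bad_owner"; status=1
    fi
    if [ -n "$bad_mode" ]; then
        echo "world-writable:"; echo "$bad_mode"; status=1
    fi
    return "$status"
}

# Narrow repair: hand the tree ($1) to OWNER:GROUP ($2:$3) and drop all access
# for "other". Needs root unless OWNER:GROUP is the calling user.
repair_data_dir() {
    chown -R "$2:$3" "$1" && chmod -R o-rwx "$1"
}

# Usage: sh audit.sh /var/lib/elasticsearch/nodes elasticsearch
if [ "$#" -ge 2 ]; then
    audit_data_dir "$1" "$2"
fi
```

Run the audit before and after `repair_data_dir`; a clean result means the service account can write without the directory being open to every local user.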

This makes sense. Thanks