Graylog server cannot connect to ElasticSearch

milkncookiez · August 9, 2017, 3:17pm

I’m following this getting-started guide. Mongo and ElasticSearch lift correctly, but the Graylog server does not access ElasticSearch.

This is the docker-compose configuration I use for it (I’m on a Mac, that’s why I declare the networks additionally):

version: '2'
services:
  mongo:
    image: "mongo:3"
    container_name: graylog-mongo
    tty: true
    networks:
      - graylog_default

  elasticsearch:
    image: "elasticsearch:5"
    container_name: graylog-elastic
    #command: "elasticsearch -dEs.cluster.name='graylog'"
    tty: true
    ports:
      - "9200:9200"
    networks:
      - graylog_default

  graylog:
    image: graylog2/server:2.3.0-1
    container_name: graylog-server
    tty: true
    environment:
      GRAYLOG_PASSWORD_SECRET: asdf1234asdf1234
      GRAYLOG_ROOT_PASSWORD_SHA2: 5edf3ff590e9e85565024392d4938564a411dcd3ae9f6787d1e2a087098381f1
      GRAYLOG_WEB_ENDPOINT_URI: http://127.0.0.1:9000/api
    depends_on:
      - mongo
      - elasticsearch
    ports:
      - "9000:9000"
      - "5555:5555"
    networks:
      - graylog_default

networks:
  default:
    external:
      name: graylog_default

I’ve got 2 questions:

Can I review messages w/o having the elastic search running (cuz I could not list/view/find any messages, even though I can see statistics that I have a number of unprocessed messages)
I believe it’s a networking problem between Graylog and ES. Graylog should be trying to access ES on graylog-elastic:9200 host instead of on localhost:9200. Is there a way to specify that?

milkncookiez · August 10, 2017, 9:49am

Okay, I found it…
In the Graylog server, in the graylog.conf file located in /usr/share/graylog/data/config/ I added the line:

elasticsearch_hosts=http://graylog-elastic:9200

So, basically, I told Graylog to look for the ES server at a specific URI instead of using the default 127.0.0.1:9200

jochen · August 10, 2017, 10:14am

You can override that setting with the GRAYLOG_ELASTICSEARCH_HOSTS environment variable and don’t need to modify the configuration file.

jochen · August 10, 2017, 4:18pm

I’ve given the Docker chapter from the documentation an overhaul.

Feel free to check out and comment on PR #348.

The new Docker chapter can be previewed at:

github.com

Graylog2/documentation/blob/ef9d26a/pages/installation/docker.rst

******
Docker
******

Requirements
------------

You will need a fairly recent version of `Docker <https://docs.docker.com/installation/>`__.

We will use the following Docker images in this chapter:

* Graylog: `graylog/graylog <https://hub.docker.com/r/graylog/graylog/>`_
* MongoDB: `mongo <https://hub.docker.com/_/mongo/>`_
* Elasticsearch: `docker.elastic.co/elasticsearch/elasticsearch <https://www.elastic.co/guide/en/elasticsearch/reference/5.5/docker.html>`_


Quick start
-----------

If you simply want to checkout Graylog without any further customization, you can run the following three commands to create the necessary environment::

This file has been truncated. show original

milkncookiez · August 11, 2017, 9:17am

The Quick Start looks much better with the updated commands! Nice work!

system · August 25, 2017, 9:17am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Couldn't read cluster health for indices [graylog_*] (Could not connect to http://127.0.0.1:9200) Graylog Central (peer support)	5	2488	April 25, 2020
Graylog web interface problem! Graylog Central (peer support)	12	4785	February 19, 2019
Docker compose with elasticsearch fails to connect to cluster Graylog Central (peer support)	3	5047	September 4, 2017
Can't get docker graylog up and running Graylog Central (peer support)	3	7342	January 2, 2019
Couldn't read cluster health for indices [graylog_*] Graylog Central (peer support)	9	3075	March 12, 2019

Graylog server cannot connect to ElasticSearch

Related topics