I installed Graylog as a multi-node setup (3 nodes). I added one Syslog input correctly, but when I click on “show received messages”, I cannot see any messages, because it is in a loading state, as you see in the following photo.
Hi Pouriajj,
Have you checked Graylog logs and/or Elasticsearch logs?
Also do try tcpdump to see if your Graylog server receives any logs at all.
Cheers.
- check your elastic cluster, it should have some error…
- check the quoted part. Graylog used these ports before version 2.5. I think you missed something at the installation.
- if you installed a 3 node cluster, why do you use localhost addresses?
Hi macko003,
Yes, it’s strange. I didn’t configure it in Graylog and elastic.
I don’t know why it used 127.0.0.1:9350.
The elastic status is ok (I didn’t see any error in the elastic log):
[root@graylog2 ~]# curl -XGET 'http://xx.xx.xx.84:9200/_cluster/health?pretty'
{
  "cluster_name" : "graylog",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 4,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 1,
  "active_shards" : 1,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
Please check your installation again. In a 3 node cluster how do you have 4 nodes?
And also, check the graylog’s config and logs.
I edited the Graylog configuration:
elasticsearch_shards= 4 to 3
The number of nodes has changed to 6. That’s strange.
[root@graylog1 ~]# curl -XGET 'http://xx.xx.xx.84:9200/_cluster/health?pretty'
{
  "cluster_name" : "graylog",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 6,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 1,
  "active_shards" : 1,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
I removed “127.0.0.1” from the elastic and Graylog configs and the “127.0.0.1:9350” error was resolved in the logs.
Also, on the first host I still have this warning log:
[searchResource] Unable to execute search : all shards failed
But the search state in the Graylog web GUI has not changed.
First fix your cluster.
In a 3 node cluster you should have 3 nodes. Surprise…
What do you get for the _cat/nodes url?
The output of the command:
[root@graylog1 ~]# curl -XGET http://xx.xx.xx.84:9200/_cat/nodes
xx.xx.xx.84 xx.xx.xx.84 22 48 0.00 c - graylog-6d1d05c9-22c3-4c4b-b773-30b4a5aac0fb
xx.xx.xx.85 xx.xx.xx.85 22 44 0.00 c - graylog-224daa12-f08e-47f3-b474-b15b9bda387f
xx.xx.xx.85 xx.xx.xx.85 4 44 0.00 d m elasticsearch2
xx.xx.xx.86 xx.xx.xx.86 12 45 0.03 c - graylog-72f76a2c-7a72-4f0b-a66e-22d926013afb
xx.xx.xx.84 xx.xx.xx.84 7 48 0.00 d m elasticsearch1
xx.xx.xx.86 xx.xx.xx.86 4 45 0.03 d * elasticsearch3
What Graylog and Elasticsearch versions do you use?
Graylog-server version : 2.0.3
elasticsearch version : 2.4.6
Ahh… it is normal in this case. But why do you use 2-4 year old versions?
Use fresh ones.
I installed via yum on CentOS 7.
Does it mean that there is a bug in these versions?
If your response is yes, how do I upgrade these?
It is a very, very old version. I don’t know whether your problem comes from a bug or not, but I think you have no clue to use an outdated version.
I suggest to do a clean install.
https://docs.graylog.org/en/3.2/pages/installation.html
Thank you macko003.
I will try installing the new version.
Hi macko003,
I installed the new version of elastic and Graylog.
elasticsearch version : 6.8.8-1
graylog-server version : 2.5.2-1
The issue is resolved, as you see in the following photo:
Thanks a lot.
Only, I have a warning message on all hosts:
WARN [NodePingThread] Did not find meta info of this node. Re-registering.
Graylog 3.2 is the last one.
But there is a lot of information about disadvantages of the new style, so maybe 3.1 is a good one too.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
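Added example, not part of the thread: a small parser for the `_cat/nodes` output posted above that separates Elasticsearch data nodes from Graylog client nodes, which is how `number_of_nodes` can read 6 while `number_of_data_nodes` stays at 3 with Graylog 2.0.x on Elasticsearch 2.x. It assumes the Elasticsearch 2.x default column order and that Graylog client nodes are named `graylog-<id>` as in the sample; the function names are hypothetical.

```python
# Added example. Column order is the Elasticsearch 2.x default for _cat/nodes:
# host ip heap.percent ram.percent load node.role master name
# Sample input: the _cat/nodes output posted in this thread (addresses masked).
SAMPLE = """\
xx.xx.xx.84 xx.xx.xx.84 22 48 0.00 c - graylog-6d1d05c9-22c3-4c4b-b773-30b4a5aac0fb
xx.xx.xx.85 xx.xx.xx.85 22 44 0.00 c - graylog-224daa12-f08e-47f3-b474-b15b9bda387f
xx.xx.xx.85 xx.xx.xx.85 4 44 0.00 d m elasticsearch2
xx.xx.xx.86 xx.xx.xx.86 12 45 0.03 c - graylog-72f76a2c-7a72-4f0b-a66e-22d926013afb
xx.xx.xx.84 xx.xx.xx.84 7 48 0.00 d m elasticsearch1
xx.xx.xx.86 xx.xx.xx.86 4 45 0.03 d * elasticsearch3
"""

def parse_cat_nodes(text):
    """Return one dict per well-formed line; short or blank lines are skipped."""
    nodes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8:
            continue
        nodes.append({
            "host": parts[0],
            "role": parts[5],          # d = data node, c = client node
            "master": parts[6],        # * = elected, m = eligible, - = not eligible
            "name": " ".join(parts[7:]),
        })
    return nodes

def summarize(nodes, health_total=None):
    """Split members by role and flag anything that is neither an ES data node
    nor a Graylog client node (names starting with "graylog-", as in the sample)."""
    data = [n["name"] for n in nodes if n["role"] == "d"]
    graylog = [n["name"] for n in nodes
               if n["role"] == "c" and n["name"].startswith("graylog-")]
    known = set(data) | set(graylog)
    return {
        "data_nodes": sorted(data),
        "graylog_clients": len(graylog),
        "elected_master": [n["name"] for n in nodes if n["master"] == "*"],
        "unexpected": [n["name"] for n in nodes if n["name"] not in known],
        "matches_health": health_total is None or len(nodes) == health_total,
    }

if __name__ == "__main__":
    for key, value in summarize(parse_cat_nodes(SAMPLE), health_total=6).items():
        print(f"{key}: {value}")
```

Pass the `number_of_nodes` value from `_cluster/health` as `health_total`; a non-empty `unexpected` list means some other process has joined the cluster and is worth investigating.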