Indexer is not available

docgyan · June 9, 2025, 8:11am

1. Describe your incident:

2. Describe your environment:

OS Information:

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=24.04
DISTRIB_CODENAME=noble
DISTRIB_DESCRIPTION="Ubuntu 24.04.2 LTS"

Package Version:

graylog-datanode                         6.1.10-1                                amd64        Graylog data node
graylog-server                           6.1.10-1                                amd64        Graylog server
mongodb-org-server                       7.0.18                                  amd64        MongoDB database server

3. What steps have you already taken to try and solve the problem?

Tried to change the hostname to azne-xyz-xyz
restarted the machine
checked if the service is working or not ( its working )

4. How can the community help?
Below is the error i am facing, I tried to login for the first time using the creds which was mentioned in the Graylog log file as mentioned in the docs and still facing the below issue. First login was done through browser but currently its not loading up on browser too.

INFO  [VersionProbe] Indexer is not available. Retry #5
Unable to retrieve version from indexer node: Hostname azne-xyz-xyz.global.local not verified:
    certificate: sha256/B3ZAzOja/oqY+g56xyzxyzx8uf3npK1m7IB/CqchckU=
    DN: CN=azne-xyz-xyz
    subjectAltNames: [0:0:0:0:0:0:0:1, 127.0.0.1, 10.5.x.x, localhost, azne-xyz-xyz, ip6-localhost]. - Hostname azne-xyz-xyz.global.local not verified:
    certificate: sha256/B3ZAzOja/oqY+g56xyzxyzx8uf3npK1m7IB/CqchckU=
    DN: CN=azne-xyz-xyz
    subjectAltNames: [0:0:0:0:0:0:0:1, 127.0.0.1, 10.5.x.x, localhost, azne-xyz-xyz, ip6-localhost].

Note: I have Installed Graylog-server and datanode both on the same node.

Please help me out in resolving this issue.

Tdvorak · June 11, 2025, 11:24am

Hi @docgyan
Can you tell me where is the azne-xyz-xyz.global.local coming from? Is this a hostname hardcoded somewhere? Is this in your datanode.conf or graylog.conf file used somewhere?

The problem is that the certificate generated for your datanode contains only azne-xyz-xyz in SAN and there is no entry with the .global.local suffix that’s being used to access your datanode. So let’s figure out what is coming from where and then we can try to correct the problem or configuration.

docgyan · June 11, 2025, 12:10pm

Hello, Thank you for responding.

Below are my files:-
datanode conf:

node_id_file = /etc/graylog/datanode/node-id
config_location = /etc/graylog/datanode
password_secret = XXXXXXXXXLSsSNDpOQzzc1gP8e44FRHa2ITzQsNxg48YXieWVEAzWo5jqGkH5MRXAg1B67Ixla9pDgKZHLE-ekAgUXXXXXXX
root_password_sha2 =
mongodb_uri = mongodb://localhost/graylog
opensearch_location = /usr/share/graylog-datanode/dist
opensearch_config_location = /var/lib/graylog-datanode/opensearch/config
opensearch_data_location = /var/lib/graylog-datanode/opensearch/data
opensearch_logs_location = /var/log/graylog-datanode/opensearch
opensearch_heap = 8g

Graylog conf:

is_leader = true
node_id_file = /etc/graylog/server/node-id
password_secret = XXXXXXXXXLSsSNDpOQzzc1gP8e44FRHa2ITzQsNxg48YXieWVEAzWo5jqGkH5MRXAg1B67Ixla9pDgKZHLE-ekAgXXXXXXXx
root_password_sha2 = fc9b63a79bfd52787b6e93de9befd76acd8971384e3e222222221800bedfef81
bin_dir = /usr/share/graylog-server/bin
data_dir = /var/lib/graylog-server
plugin_dir = /usr/share/graylog-server/plugin
http_bind_address = 10.5.X.X:9000
http_publish_uri = http://10.5.X.X:9000/
http_external_uri = http://10.5.X.X:9000/
stream_aware_field_types=false
disabled_retention_strategies = none,close
allow_leading_wildcard_searches = false
allow_highlighting = false
field_value_suggestion_mode = on
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
message_journal_max_age = 72h
message_journal_max_size =100gb
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://localhost/graylog
mongodb_max_connections = 1000
integrations_scripts_dir = /usr/share/graylog-server/scripts

But i found .global.local been hardcoded under /var/lib/graylog-datanode/opensearch/config/opensearch/opensearch.yml file and i edited it and restarted datanode/graylog services but still no luck.

Let me know if i have missed anything else.

Tdvorak · June 11, 2025, 12:20pm

Thanks! The opensearch.yml is regenerated during every datanode restart, so any change you do there won’t be reflected. You have to configure these in datanode.conf.

If your machine can resolve/ping azne-xyz-xyz, then I’d suggest to set

hostname=azne-xyz-xyz

in your datanode.conf and override the hostname autodetection. Then try to restart the datanode/server and check if the connection is ok and there are no errors in logs.

docgyan · June 13, 2025, 7:34am

Thanks, this worked!

system · June 27, 2025, 7:35am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Failled to add new Datanode Graylog Central (peer support) data-node	25	190	June 5, 2025
Wazuh-Indexer Opensearch to graylog - Host not verified Graylog Central (peer support)	10	2298	January 26, 2023
Graylog in Docker - Certificate Broken Graylog Central (peer support) docker	2	1399	December 6, 2023
Certificate issue Graylog Central (peer support) data-node	9	53	July 7, 2025
Graylog Web UI is not running Graylog Central (peer support)	3	25	July 2, 2025

Indexer is not available

Related topics