Hi, I installed graylog via the ansible-role.
I edited the /etc/graylog/server/server.conf to my liking and everything seems to work.
graylog: Graylog 2.4.6
mongo: v3.4.17
elasticsearch: 6.4.0
JVM: 1.8.0_181
There is one problem though: no messages are logged, and I cannot find them anywhere.
There is the “Deflector exists as an index and is not an alias.” message. I read a lot of threads about this already but nothing helped.
I deleted the index via curl -X DELETE "localhost:9200/graylog_deflector", which deleted the index, but if I switch to action.auto_create_index: "false", the Elasticsearch service is unable to restart, telling me that
Caused by: java.lang.IllegalArgumentException: the [action.auto_create_index] setting value [false] is too restrictive. disable [action.auto_create_index] or set it to [.watches, .triggered_watches, .watcher-history-*]
Changing it to the recommended [.watches, .triggered_watches, .watcher-history-*] lets Elastic start again, but there are a couple of thousand messages coming from graylog_deflector
{"type":"index_not_found_exception","reason":"no such index and [action.auto_create_index] ([.watches,.triggered_watches,.watcher-history-*]) doesn't match","index_uuid":"na","index":"graylog_deflector"}
I changed it back to “true” and tested some other things.
I created a new Index, set it as default and tried to rotate it, all to no avail.
There are now two indices: “Index”, which is set as default but is empty, and the “Default index set”, which seems to collect all the messages.
curl -X GET "localhost:9200/_cat/indices?v" shows that the “graylog_deflector” is back.
I am now at the end of my wits.
Any help to get the messages correctly would be very much appreciated.