Message Count duplicated

Hi,
I have:
2x GrayLog nodes
no load balancer, just a dns round-robin.
graylog.endpoint.com with two dns A records.

At the moment I only have one input enabled.
its pointed to http://graylog.endpoint.com:$myport

the input is configured as “global”

I cannot find evidence of messages on Elasticsearch duplicating.
But as per screenshot, the metric of incoming messages is duplicated between the two nodes.

Also please note the NETWORK stats from both instances on the left.

I don’t understand what is going on.
Why are the JVM and message count metrics identical?

i guess it is a wron configuration.

what is your http_* configuration?
should you be on 2.X what is the configuration of rest_* and web_* ?

Everything else works fine. Just the metrics are duplicated…
node-id is unique between the two. one is master, the other is not.
as per screenshot, both show up as separate nodes, yet…

The following configuration is the same on both:

/etc/graylog/server/server.conf:

...
http_publish_uri = https://graylog.endpoint.com/
http_external_uri = https://graylog.endpoint.com/
...

/etc/nginx/nginx.conf:

...
   server {
	listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  graylog.endpoint.com;
        root         /usr/share/nginx/html;
 
        ssl_certificate "/etc/letsencrypt/live/graylog.endpoint.com/fullchain.pem";
        ssl_certificate_key "/etc/letsencrypt/live/graylog.endpoint.com/privkey.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
        ssl_prefer_server_ciphers on;
 
        include /etc/nginx/default.d/*.conf;
        location / {
            proxy_set_header Host $http_host;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Graylog-Server-URL https://$server_name/;
            #rewrite          ^/(.*)$  /$1  break;
            proxy_pass       http://127.0.0.1:9000;
        }
 
	error_page 404 /404.html;
            location = /40x.html {
        }
 
	error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
...

The following configuration is the same on both:

http_publish_uri = https://graylog.endpoint.com/

You should really re-read the docs: http://docs.graylog.org/en/3.0/pages/configuration/server.conf.html#web-rest-api

  • The HTTP URI of this Graylog node which is used to communicate with the other Graylog nodes in the cluster and by all clients using the Graylog web interface.
  • The URI will be published in the cluster discovery APIs, so that other Graylog nodes will be able to find and connect to this Graylog node.
  • This configuration setting has to be used if this Graylog node is available on another network interface than $http_bind_address, for example if the machine has multiple network interfaces or is behind a NAT gateway.
  • If http_bind_address contains a wildcard IPv4 address (0.0.0.0), the first non-loopback IPv4 address of this machine will be used.
  • This configuration setting must not contain a wildcard address!

just tried settings it to public ip address. and removing server name from nginx config so it accepts connection on the external ip.
web interface now lists the node, but says metrics are not available.

I guess NGINX isn’t really necessary at this point.
I’m only using nginx for the https part.

publish_uri = each nodes own uniq access (how communication between them can be done)
external_uri = how your browser can connect (your NGINX)

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.