Did you install graylog via the apt package?
Are there any other errors? I looked up that ‘An I/O error has occurred while writing a response message entity to the container output stream’ error but it seems possibly more of symptom than a cause. Can you share a larger portion of the server.log file?
Can you also tell me a bit about your graylog cluster architecture? Are mongodb and opensearch on the same server? Different server? Are you able to reach both mongodb and opensearch ( curl http://:9200 ) via your graylog server?
Also, do you have the ability to look at historical cpu load on the server? I found several threads here with the exact same error and what i can find is that it seems like more of a timeout than an error, where graylog isn’t able to complete the web request. This thread theorizes about server resources and cpu load Graylog journal continuously growing up - #7 by mpolitaev .
Something else that could possibly help is increasing the java heap for graylog-server. The default is 1g but i recommend setting to 2g:
- edit
/etc/default/graylog-server - modify both
-Xmsand-Xmxto be 2g:
- save file
the below sed command also does the same thing:
sudo sed 's/-Xmx[0-9]\+g /-Xmx2g /g' /etc/default/graylog-server && sudo sed 's/-Xms[0-9]\+g /-Xms2g /g' /etc/default/graylog-server