Not "Show Messages" from the Only SideCar reporting to the Graylog Server


1. Describe your incident: Had Graylog working up to the point of not seeing “Show Messages” yesterday. I thought I’d get back on it today to look into ElasticSearch, but only to see I’ve now gone backwards due to something happening and now the SideCar that was running is now failing.
While retrieving data for this widget, the following error(s) occurred:

  • Elasticsearch exception [type=index_not_found_exception, reason=no such index.

Collectors status

filebeat: Couldn’t execute collector /usr/share/filebeat/bin/filebeat, binary path is not included in `collector_binaries_accesslist’ config option.

2. Describe your environment: AWS rhel 7 instance

  • OS Information: rhel 7

  • Package Version: SideCar 1.4

  • Service logs, configurations, and environment variables:
    Will attach whatever Graylog Lords will allow me

3. What steps have you already taken to try and solve the problem?
Watched videos, read the step-by-steps, stumped what to do as I am new to Graylog etc.

4. How can the community help? Review my attachments I’m allowed to upload to hopefully assist me as to why I went backwards as of this morning and hopefully get my SideCar to run again and hopefully see my “show messages” for the only 1 SideCar I have reporting to the Graylog server.

Unfortunately I didn’t get a snippet of it when it was running and didn’t get those errors besides not showing messages.

Thank you in advance for replying.

Hello,

On your target node, where you want to get the logs, you have installed the sidecar agent and the filebeat binary.
You need to add this to your sidecar.yml:

collector_binaries_accesslist:
  - "/usr/share/filebeat/bin/filebeat"  # change the path according to your filebeat binary path

I have NXLOG and this is my config:

cat /etc/graylog/sidecar/sidecar.yml
server_url: "https://graylog.company.lan/api"
server_api_token: "token"
node_id: "file:/etc/graylog/sidecar/node-id"
node_name: ""
update_interval: 10
tls_skip_verify: true
send_status: true
list_log_files: []
cache_path: "/var/cache/graylog-sidecar"
log_rotate_max_file_size: "10MiB"
log_rotate_keep_files: 10
collector_validation_timeout: "1m"
collector_shutdown_timeout: "10s"
tags:
 #- apache-logs
 #- dns-logs

collector_binaries_accesslist:
  - "/usr/bin/nxlog"

If I remove the collector_binaries_accesslist, I get the same error as you; same case on Windows.

1 Like
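
As an added illustration (not code from this thread or from the Graylog project), the Go sketch below reproduces the check behind the "binary path is not included" error: it reads `collector_binaries_accesslist` from a constructed sidecar.yml fragment and tests a collector path against it. Treating entries as Go `filepath.Match` patterns is an assumption, and the helper names `parseAccessList` and `allowed` are hypothetical.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Constructed sample: a sidecar.yml fragment that allows only NXLog.
const sampleCfg = `node_name: ""
collector_binaries_accesslist:
  - "/usr/bin/nxlog"   # only NXLog may be executed
`

// parseAccessList extracts the block-style list under
// collector_binaries_accesslist (minimal line parser, not general YAML).
func parseAccessList(cfg string) []string {
	var list []string
	inList := false
	for _, line := range strings.Split(cfg, "\n") {
		t := strings.TrimSpace(line)
		switch {
		case strings.HasPrefix(t, "collector_binaries_accesslist:"):
			inList = true
		case !inList || t == "" || strings.HasPrefix(t, "#"): // skip
		case !strings.HasPrefix(t, "-"):
			return list // the next key ends the list
		default:
			item, _, _ := strings.Cut(strings.TrimPrefix(t, "-"), " #")
			list = append(list, strings.Trim(strings.TrimSpace(item), `"'`))
		}
	}
	return list
}

// allowed reports whether bin matches an entry; entries are treated as
// filepath.Match patterns (assumption: the Sidecar's documented matching).
func allowed(list []string, bin string) bool {
	for _, pat := range list {
		if ok, err := filepath.Match(pat, bin); err == nil && ok {
			return true
		}
	}
	return false
}

func main() {
	bin := "/usr/share/filebeat/bin/filebeat" // path from the error in the question
	fmt.Println(bin, "allowed:", allowed(parseAccessList(sampleCfg), bin))
}
```

With this matching, `*` does not cross a `/`, so an entry such as `/usr/*` would not cover `/usr/bin/nxlog`; listing the exact binary path keeps the set of executables the Sidecar may launch as narrow as possible.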
