l’m currently facing something really strange, every monday, when i get back to work, it looks like the stream flow is interrupted.
There are few errors into my graylog server log :
ERROR [IndexRotationThread] Couldn’t point deflector to a new index
org.graylog2.indexer.ElasticsearchException: Couldn’t check existence of alias zimbra_deflector
ERROR [IndexRetentionThread] Uncaught exception in periodical
org.graylog2.indexer.ElasticsearchException: Couldn’t collect indices for alias graylog_7_reopened
ERROR [IndexRotationThread] Couldn’t point deflector to a new index
org.graylog2.indexer.ElasticsearchException: Couldn’t collect aliases for index pattern graylog_*
ERROR [AESTools] Could not decrypt value.
javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
Looking to the shards :
curl -X GET 10.10.15.107:9200/_cat_shards
{“error”:{“root_cause”:[{“type”:“illegal_argument_exception”,“reason”:“No endpoint or operation is available at [_cat_shards]”}],“type”:“illegal_argument_exception”,“reason”:“No endpoint or operation is available at [_cat_shards]”},“status”:400}
Looking to the indices :
curl 10.10.15.107:9200/_cat/indices?v
everything is green and open.
I know that rebooting the server will solve my problem, but the idea is to identify what’s missing
instead of an auto reboot.
I’ve forgotten to add some details about it. There is no problem around low disk space and the elasticsearch graylog.log is almost empty of any error. (there is no /var/log/elasticsearch/graylog-2019-02-24.log for yesterday).
For the /var/log/elasticsearch/graylog-2019-02-23.log, some warns during ten minutes :
exception caught on transport layer [[id: 0x1c326412, L:/10.10.15.107:9300 - R:/10.10.15.109:48584]], closing connection