Sources page cant connect to api

Graylog Central (peer support)
, ,
1

Hello,

I have just set up graylog on Ubuntu for the first time. I am wanting to use it to gather windows logs.

On my test windows server I have configured nxlog and an input on graylog.

When I go to the sources page i get this…

Could not load sources data
Loading of sources data failed with status: Error: cannot GET http://ipaddress:9000/api/sources?range=3600 (500). Try reloading the page.

Could not load histogram data
Loading of histogram data failed with status: Error: cannot GET http://ipaddress:9000/api/search/universal/relative/histogram?query=*&range=3600&interval=minute (500)

Any help would be great

2

@mr_m_cox did you follow this guide? what is your setting for rest_listen_uri and web_listen_uri is your browser able to reach the configuration for both?

3

(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)

4

If I browse to the rest uri get…
{“cluster_id”:“cd714371-c4fe-45d7-9eb1-2d0b75389aec”,“node_id”:“aff96a53-22dc-4b86-9c31-cd9adb49c34b”,“version”:“2.2.2+691b4b7”,“tagline”:“Manage your logs in the dark and have lasers going and make it look like you’re from space!”}

the web uri I get the web interface login page

I have noticed that on the on the search page I also get

Error Message:

blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];: cannot GET http://ipaddress:9000/api/search/universal/relative?query=%2A&range=300&limit=150&sort=timestamp%3Adesc (500)
Search status code:
500

Thanks for the help.

5

Yes, I did follow that guide and went without issue.
The forum has blocked the uri paths I put up :frowning:

6

rest_listen_uri = http://ipaddress:9000/api/
web_listen_uri = http://ipaddress:9001/

The error remains if both ports are 9000

7

I want to highlight the second part of my question:

what is your setting for rest_listen_uri and web_listen_uri is your browser able to reach the configuration for both?

Is some Firewall / Forwarding / NAT / Proxy between you and the Server that might block the connection to the API?

8

is that not what you mean by “your browser able to reach config”?

9

Did you see errors in your Graylog or Elasticsearch Logfiles?
find the location of log files.

Are you sure that Elasticsearch is running and Graylog is connected to it? Did the Page system/indices return something?

1 Like
10

Looks like it cant connect to the elasticsearch.

This is the graylog.log entries following a service restart

image.png1066×346 194 KB

11

and the elasticsearch.log, it seems to not have added anything for some time now.

image.jpg1081×455 308 KB

12

The system/indices page displays the following error -

Could not retrieve index sets.
Fetching index sets list failed: blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];

Ubuntu is showing the elasticsearch and graylog services as running bu clearly it cant connect.
I have set the cluster.name in elasticsearch.yml as graylog
The server.conf in /etc/graylog/server has…
elasticsearch_cluster_name = graylog
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress

13

So, commenting out this line has got it working! Yay.

Thanks so much for your help, I am sure i will have other questions.

Thanks again.