Good afternoon Grayloggers,
I am currently looking to establish TCP syslog ingestion on my graylog cluster. I have enabled TCP traffic to the graylog server from its target and redirected traffic from 1514 to 514. “However I still come up with permission denials or cannot bind to address”. The last error is rather confusing to me; we have our graylog’s elasticsearch_host set to an AWS VPC that is configured for 6.7. Any help solving this issue would be appreciated. The spam message also happens when I attempt Beat ingestion. Attached below are some logs; this gets repeated throughout my logs.
[IndexRetentionThread] Elasticsearch cluster not available, skipping index retention checks.
INFO [MongoIndexSet] Did not find a deflector alias. Setting one up now.
[MongoIndexSet] There is no index target to point to. Creating one now.
INFO [MongoIndexSet] Cycling from <none> to <graylog_0>.
[MongoIndexSet] Creating target index <graylog_0>.
WARN [IndexFieldTypePollerPeriodical] Active write index for index set "Default index set" (5e79644d61988237105f0b21) doesn't exist yet
ERROR [IndexRotationThread] Couldn't point deflector to a new index
org.graylog2.indexer.ElasticsearchException: Unsupported Elasticsearch version: 7.1.1