There is no index target to point to. Creating one now

Good afternoon Grayloggers,
I am currently looking to establish TCP syslog ingestion on my Graylog cluster. I have enabled TCP traffic to the Graylog server from its target and redirected traffic from 1514 to 514. However, I still come up with permission denials or cannot bind to address. The last error is rather confusing to me; we have our Graylog's elasticsearch_host set to an AWS VPC that is configured for 6.7. Any help solving this issue would be appreciated. The spam message also happens when I attempt Beat ingestion as well. Attached below are some logs; this gets repeated throughout my logs.

[IndexRetentionThread] Elasticsearch cluster not available, skipping index retention checks.
INFO  [MongoIndexSet] Did not find a deflector alias. Setting one up now.
[MongoIndexSet] There is no index target to point to. Creating one now.
INFO  [MongoIndexSet] Cycling from <none> to <graylog_0>.
[MongoIndexSet] Creating target index <graylog_0>.
WARN  [IndexFieldTypePollerPeriodical] Active write index for index set "Default index set" (5e79644d61988237105f0b21) doesn't exist yet
ERROR [IndexRotationThread] Couldn't point deflector to a new index
org.graylog2.indexer.ElasticsearchException: Unsupported Elasticsearch version: 7.1.1

What is your Graylog version?

And also what is your Elasticsearch version?

By the last line of your log input, you are using 7.1.1 which is not supported by official documentation as you can see in the Elasticsearch versions section.

Graylog 3.x does not work with Elasticsearch 7.x!

You can check Elasticsearch version with a command:

curl -s -X GET "http://localhost:9200"

Cheers!

Thanks for the reply! I am running Graylog 3.x. Do I need Elasticsearch to be running locally? I have Graylog pointed to a VPC endpoint that is set to 6.8. I have Elasticsearch and Beats running on another server. On the other server I have Elasticsearch 6.8.7 running.

For that I am not sure, to be honest. I do know that Elastic and Graylog don’t need to be on the same server, but I am not sure if they can be in different networks. If the Graylog server can reach the Elasticsearch cluster, then I don’t see a problem, but then again it is weird that it is reporting that error about Elasticsearch version 7.1.1 when you are using 6.8.

Have you tested communication between Elasticsearch server and Graylog server?
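
One way to run the version check from the replies against the endpoints Graylog is actually configured to use, rather than localhost, as an added example that is not part of the original thread. It assumes the package-default config path /etc/graylog/server/server.conf and the `elasticsearch_hosts` setting; the function names are illustrative, and credentials embedded in a URL are masked before anything is printed.

```bash
#!/usr/bin/env bash
# Added example: report which Elasticsearch version each endpoint in Graylog's
# config answers with. Run on the Graylog server: ./es_check.sh check
# Assumption: package-default config path; override with GRAYLOG_CONF.
GRAYLOG_CONF="${GRAYLOG_CONF:-/etc/graylog/server/server.conf}"

# Print each URL from the elasticsearch_hosts setting, one per line.
es_hosts_from_conf() {
  sed -n 's/^[[:space:]]*elasticsearch_hosts[[:space:]]*=[[:space:]]*//p' "$1" \
    | tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Mask user:password@ so credentials never reach a terminal or log file.
redact_url() {
  printf '%s\n' "$1" | sed -E 's#^([a-z]+://)[^/@]*@#\1***@#'
}

# Extract version.number from the JSON that GET / returns (read on stdin).
es_version_from_json() {
  tr -d '\n' | sed -n 's/.*"number"[[:space:]]*:[[:space:]]*"\([0-9][0-9.]*\)".*/\1/p'
}

# True when the major version is 7 or later, which per the thread
# Graylog 3.x does not work with. Returns 2 for a non-version string.
es_major_ge_7() {
  major="${1%%.*}"
  case "$major" in ''|*[!0-9]*) return 2 ;; esac
  [ "$major" -ge 7 ]
}

# Query every configured endpoint and print one status line per endpoint.
check_all() {
  es_hosts_from_conf "$1" | while IFS= read -r url; do
    ver=$(curl -s --max-time 5 -X GET "$url" | es_version_from_json)
    shown=$(redact_url "$url")
    if [ -z "$ver" ]; then
      echo "NO ANSWER    $shown"
    elif es_major_ge_7 "$ver"; then
      echo "ES $ver (7.x or later, rejected by Graylog 3.x)  $shown"
    else
      echo "ES $ver  $shown"
    fi
  done
}

# Only touch the network when explicitly asked to.
if [ "${1:-}" = "check" ]; then check_all "$GRAYLOG_CONF"; fi
```

A "NO ANSWER" line means the endpoint was unreachable from the Graylog host or did not return the usual version document, which is the connectivity question raised in the last reply.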