There is no index target to point to. Creating one now

Tranewrekk · April 2, 2020, 12:01am

Good afternoon Grayloggers,
I am currently looking to establish TCP syslog ingestion on my graylog cluster. I have enabled TCP traffic to the graylog server from it’s target and redirected traffic from 1514 to 514. “However I still come up with permission denials or cannot bind to address”. The last error is rather confusing to me, we have our graylog’s elasticsearch_host set to an AWS VPC that is configured for 6.7. Any help solving this issue would be appreciated. The spam message also happens when I attempt Beat ingestion as well. Below is attached some logs, this gets repeated throughout my logs.

[IndexRetentionThread] Elasticsearch cluster not available, skipping index retention checks.
INFO  [MongoIndexSet] Did not find a deflector alias. Setting one up now.
[MongoIndexSet] There is no index target to point to. Creating one now.
INFO  [MongoIndexSet] Cycling from <none> to <graylog_0>.
[MongoIndexSet] Creating target index <graylog_0>.
WARN  [IndexFieldTypePollerPeriodical] Active write index for index set "Default index set" 
(5e79644d61988237105f0b21) doesn't exist yet
ERROR [IndexRotationThread] Couldn't point deflector to a new index
org.graylog2.indexer.ElasticsearchException: Unsupported Elasticsearch version: 7.1.1

facyber · April 2, 2020, 10:05am

What is your Graylog version?

And also what is your Elasticsearch version?

By the last line of your log input, you are using 7.1.1 which is not supported by official documentation as you can see in the Elasticsearch versions section.

Graylog 3.x does not work with Elasticsearch 7.x!

You can check Elasticsearch version with a command:

curl -s -X GET "http://localhost:9200"

Cheers!

Tranewrekk · April 3, 2020, 1:27am

Thanks for the reply!I am running graylog 3.x. Do i need elasticsearch to be running locally?I have graylog pointed to a VPC endpoint that is set to 6.8. I have elasticsearch and beats running on another server. On the other server I have Elasticsearch 6.8.7 running.

facyber · April 3, 2020, 6:27am

For that I am not sure to be honest. I do know they Elastic and Graylog don’t need to be on the same server, but not sure if they can be in different networks. If Graylog server can reach Elasticsearch cluster, then I don’t see a problem, but then again it is weird that it is reporting that error about Elasticsearch version 7.1.1 when you are using 6.8.

Have you tested communication between Elasticsearch server and Graylog server?

system · April 17, 2020, 6:27am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
AWS Elasticsearch unable to create indices Graylog Central (peer support)	3	1316	April 27, 2018
Unable to create index template graylog-internal Graylog Central (peer support)	3	6328	June 6, 2017
Index problem after upgrade to 4 Graylog Central (peer support)	6	2711	December 16, 2020
Post Upgrade (Graylog 3.0.2 / Elasticsearch 6.7.2) Index problems Graylog Central (peer support)	5	1180	June 3, 2019
Graylog not functioning Graylog Central (peer support)	12	1946	May 29, 2018

There is no index target to point to. Creating one now

Related topics