Unable to search in all messages


(Michael Martel) #1

Greetings!

We upgraded to version 2.3.0 today, and can no longer search in ALL messages. If we search in anything less than ALL it appears to work fine. When we search in ALL messages we get this :

Could not execute search
There was an error executing your search. Please check your Graylog server logs for more information.

Error Message:
Unable to perform search query.
Details:
Search status code:
500
Search response:
cannot GET http://xxx.xxx.xxx.xxx:12900/api/search/universal/relativequery=*&range=0&limit=150&sort=timestamp%3Adesc (500)

We don’t see anything in the graylog server log that indicates anything.


(Michael Martel) #2

I should have said, that this is on CentOS 7, and we did the upgrade with the RPM package via yum. Elasticsearch is 2.4.6-1 . Thanks!


(Jochen) #3

Anything in the logs of your Graylog and Elasticsearch node(s)?
:arrow_right: http://docs.graylog.org/en/2.3/pages/configuration/file_location.html


(Michael Martel) #4

I must admit to being an idiot, I did not check the Elasticsearch nodes because I assumed this was a web server error. AND of course there’s the error.

Caught exception while handling client http traffic, closing connection [id: 0xc240ea17, /xxx.xxx.xxx.xxx:14692 => /xxx.xxx.xxx.xxx:10102]
org.jboss.netty.handler.codec.frame.TooLongFrameException: An HTTP line is larger than 4096 bytes.

And if I then take a few seconds to google the error I find that I can configure this http.max_initial_line_length to fix my problem.

Testing that now to see if that does indeed fix it, and what I need to set it to.

Sorry to waste your time with inadequate troubleshooting!!


Graylog web interface is slow after upgrade
(Michael Martel) #5

Ok, so I bumped that up to 12kb and the error seems to happen less frequently. I still cannot search ALL messages, getting the same error. This time though, there is nothing in the log files that I can see. I’m sure I’m missing something, I just am not sure what it is.


(Jochen) #6

This seems to be a regression in Graylog 2.3.0. We’ll try to fix this in the forthcoming Graylog 2.3.1 bugfix release.

https://github.com/Graylog2/graylog2-server/issues/4054


(system) #7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.