graylog 2.3 + elasticsearch 5.5.1

2019独角兽企业重金招聘Python工程师标准>>>

When use graylog 2.3 + elasticsearch 5.5.1 + mongodb 3.x, running on docker,  can not success start it. 

• graylog error event log :

graylog_1         | 2017-08-22 00:19:49,846 ERROR: org.graylog2.indexer.cluster.Cluster - Couldn't read cluster health for indices [graylog_*] (Could not connect to http://127.0.0.1:9200)
graylog_1         | 2017-08-22 00:19:49,846 INFO : org.graylog2.periodical.IndexerClusterCheckerThread - Indexer not fully initialized yet. Skipping periodic cluster check.
graylog_1         | 2017-08-22 00:20:20,244 WARN : org.graylog2.migrations.V20161130141500_DefaultStreamRecalcIndexRanges - Interrupted or timed out waiting for Elasticsearch cluster, checking again.

• graylog web UI error message:

Could not load field information
Loading field information failed with status: cannot GET http://10.245.254.127:9000/api/system/fields (500)

 

From graylog web page: , have this message:

Starting with version 2.3, Graylog uses the HTTP protocol to connect to your Elasticsearch cluster ...

The most important setting to make a successful connection is a list of comma-separated URIs 
to one or more Elasticsearch nodes. Graylog needs to know the address of at least one other
Elasticsearch node given in the elasticsearch_hosts setting. The specified value should 
at least contain the scheme (http:// for unencrypted, https:// for encrypted connections), 
the hostname or IP and the port of the HTTP listener (which is 9200 unless otherwise configured)
of this node. 

So, need add this option when running graylog

GRAYLOG_ELASTICSEARCH_HOSTS: http://elasticsearch:9200/

 

Complete command running on docker:

# docker run --name mongo -d mongo:3

# docker run --name elasticsearch \
	-p 9200:9200 \
	-e "http.host=0.0.0.0" -e "xpack.security.enabled=false" -e "cluster.name=graylog" \
	-d docker.elastic.co/elasticsearch/elasticsearch:5.5.1
		
# docker run --name graylog_v2.3 \
	--link mongo --link elasticsearch \
	-p 9000:9000 -p 12201:12201 -p 5044:5044 \
	-e GRAYLOG_WEB_ENDPOINT_URI="http://10.245.254.127:9000/api" \
	-e GRAYLOG_ELASTICSEARCH_HOSTS="http://10.245.254.127:9200/" \
	-d graylog/graylog:2.3.0-1

 

after this, below command can get correct info:

root@E2B07u16:~/yml# curl -XGET 'http://localhost:9200/_template/graylog-internal?pretty'
{
  "graylog-internal" : {
    "order" : -1,
    "template" : "graylog_*",
    "settings" : {
      "index" : {
        "analysis" : {
          "analyzer" : {
            "analyzer_keyword" : {
              "filter" : "lowercase",
              "tokenizer" : "keyword"
            }
          }
        }
      }
    },
    "mappings" : {
      "message" : {
        "_source" : {
          "enabled" : true
        },
        "dynamic_templates" : [
          {
            "internal_fields" : {
              "mapping" : {
                "type" : "keyword"
              },
              "match" : "gl2_*"
            }
          },
          {
            "store_generic" : {
              "mapping" : {
                "index" : "not_analyzed"
              },
              "match" : "*"
            }
          }
        ],
        "properties" : {
          "full_message" : {
            "fielddata" : false,
            "analyzer" : "standard",
            "type" : "text"
          },
          "streams" : {
            "type" : "keyword"
          },
          "source" : {
            "fielddata" : true,
            "analyzer" : "analyzer_keyword",
            "type" : "text"
          },
          "message" : {
            "fielddata" : false,
            "analyzer" : "standard",
            "type" : "text"
          },
          "timestamp" : {
            "format" : "yyyy-MM-dd HH:mm:ss.SSS",
            "type" : "date"
          }
        }
      }
    },
    "aliases" : { }
  }
}

 

转载于:https://my.oschina.net/u/3362827/blog/1519119