I am trying to follow the Digital Ocean manual, except that I am using the latest versions of the components. My elasticsearch.yml:

cluster.name: graylog2
network.bind_host: localhost
network.publish_host: localhost
script.disable_dynamic: true

Elasticsearch says it is ok. Then I try three versions of graylog2.conf:

is_master = true
node_id_file = /etc/graylog2-server-node-id
password_secret = YRdFrLaoQQfRuSccOhU7Vy8vfoWlobVK5ZXf9G6joag4KyPQMLiITfO6EMysO2VrAwunhqE2e7gAVhuN4izPK0jakrtQqnRg
root_password_sha2 = 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
plugin_dir = plugin
rest_listen_uri = http://127.0.0.1:12900/
rest_transport_uri = http://127.0.0.1:12900/
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 1
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog2
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
output_batch_size = 25
output_flush_interval = 1
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 1024
dead_letters_enabled = false
lb_recognition_period_seconds = 3
mongodb_useauth = false
mongodb_host = 127.0.0.1
mongodb_database = graylog2
mongodb_port = 27017
mongodb_max_connections = 100
mongodb_threads_allowed_to_block_multiplier = 5
transport_email_enabled = false
transport_email_hostname = mail.example.com
transport_email_port = 587
transport_email_use_auth = true
transport_email_use_tls = true
transport_email_use_ssl = true
transport_email_auth_username = you@example.com
transport_email_auth_password = secret
transport_email_subject_prefix = [graylog2]
transport_email_from_email = graylog2@example.com

In the second version I add the line elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9200, and in the third the same line with port 9300.

With these configs I have 3 logs from sudo java -jar /opt/graylog2-server/graylog2-server.jar --debug: first, second and third. All of them show failures.

Is it some version incompatibility of components? Or is there a way to fix this problem in my environment?

Michael

1 Answer

You must use version 0.90.10 of Elasticsearch with Graylog2 0.20. It is using the binary protocol and those are not generally compatible between versions, unfortunately.

This line:

org.elasticsearch.transport.RemoteTransportException: Failed to deserialize exception response from stream

is what gives the problem away: the protocol is different, so the Elasticsearch client cannot connect to the server. If you use 0.90.10 it will work.

Kay Röpke
  • Do you have some related documentation? Or is it your own experience? And what about Graylog2 downgrading from current 0.20.6 to 0.20.2 - is it necessary? – Michael Aug 06 '14 at 15:45
  • I'm one of the authors. You won't need to downgrade Graylog2, just use the 0.20.6 version. But 0.20.x absolutely needs Elasticsearch 0.90.10, exactly, because of said protocol incompatibilities. We are working on a solution for that, but given the large number of versions and their subtle incompatibilities that will take a while. – Kay Röpke Aug 07 '14 at 08:54
  • Thanks to your team for a great product and to you personally for the support. I confirm it works correctly with Elasticsearch 0.90.10. – Michael Aug 07 '14 at 10:39
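
An added example, not part of the original answer and not Graylog2's own code: a pre-flight check that applies the answer's rule (Graylog2 0.20.x requires exactly Elasticsearch 0.90.10) to the JSON body Elasticsearch returns at its HTTP root (for example http://127.0.0.1:9200/), and locates the quoted exception in a server log. The function names, the pairing table and the sample inputs are assumptions constructed for illustration.

```python
import json

# Pairing stated in the answer above: Graylog2 0.20.x needs exactly Elasticsearch 0.90.10.
REQUIRED_ES = {"0.20": "0.90.10"}
# Exception text quoted in the answer as the sign of a transport protocol mismatch.
SIGNATURE = "RemoteTransportException: Failed to deserialize exception response from stream"


def es_version(root_body):
    """Return version.number from the JSON body Elasticsearch serves at GET / on its HTTP port."""
    return json.loads(root_body)["version"]["number"]


def check_versions(graylog_version, root_body):
    """Return (ok, message); ok is False unless the exact required pairing is met."""
    series = ".".join(graylog_version.split(".")[:2])
    required = REQUIRED_ES.get(series)
    found = es_version(root_body)
    if required is None:
        return False, "no known pairing for Graylog2 %s (found ES %s)" % (graylog_version, found)
    if found != required:  # exact match, not >=: a newer server is not compatible either
        return False, "Graylog2 %s needs ES %s, found %s" % (graylog_version, required, found)
    return True, "Graylog2 %s with ES %s: ok" % (graylog_version, found)


def find_mismatch_lines(log_lines):
    """Return 1-based line numbers of log lines carrying the deserialization failure."""
    return [n for n, line in enumerate(log_lines, 1) if SIGNATURE in line]


# Constructed sample inputs (not taken from the asker's logs).
SAMPLE_ROOT_NEW = '{"status": 200, "name": "node-a", "version": {"number": "1.3.1"}}'
SAMPLE_ROOT_OK = '{"ok": true, "status": 200, "name": "node-a", "version": {"number": "0.90.10"}}'
SAMPLE_LOG = [
    "INFO : org.graylog2.Main - Graylog2 starting up",
    "DEBUG: org.elasticsearch.transport.RemoteTransportException: "
    "Failed to deserialize exception response from stream",
    "ERROR: org.graylog2.Main - could not connect to the cluster",
]

if __name__ == "__main__":
    print(check_versions("0.20.6", SAMPLE_ROOT_NEW)[1])
    print(check_versions("0.20.6", SAMPLE_ROOT_OK)[1])
    print("mismatch signature at log lines:", find_mismatch_lines(SAMPLE_LOG))
```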