Graylog2 server cannot connect to Elasticsearch

elasticsearch, graylog, logging

I am trying to follow the Digital Ocean manual, except that I am using the latest versions of the components.
My elasticsearch.yml:

cluster.name: graylog2
network.bind_host: localhost
network.publish_host: localhost
script.disable_dynamic: true

Elasticsearch says it is ok.
Then I try three versions of graylog2.conf:

is_master = true
node_id_file = /etc/graylog2-server-node-id
password_secret = YRdFrLaoQQfRuSccOhU7Vy8vfoWlobVK5ZXf9G6joag4KyPQMLiITfO6EMysO2VrAwunhqE2e7gAVhuN4izPK0jakrtQqnRg
root_password_sha2 = 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
plugin_dir = plugin
rest_listen_uri = http://127.0.0.1:12900/
rest_transport_uri = http://127.0.0.1:12900/
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 1
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog2
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
output_batch_size = 25
output_flush_interval = 1
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 1024
dead_letters_enabled = false
lb_recognition_period_seconds = 3
mongodb_useauth = false
mongodb_host = 127.0.0.1
mongodb_database = graylog2
mongodb_port = 27017
mongodb_max_connections = 100
mongodb_threads_allowed_to_block_multiplier = 5
transport_email_enabled = false
transport_email_hostname = mail.example.com
transport_email_port = 587
transport_email_use_auth = true
transport_email_use_tls = true
transport_email_use_ssl = true
transport_email_auth_username = you@example.com
transport_email_auth_password = secret
transport_email_subject_prefix = [graylog2]
transport_email_from_email = graylog2@example.com

In the second version I add the line elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9200, and in the third the same line with port 9300.

With these configs I have 3 logs for sudo java -jar /opt/graylog2-server/graylog2-server.jar --debug: first, second and third. All of them show failures.

Is it some version incompatibility of components? Or is there a way to fix this problem in my environment?

Best Answer

You must use version 0.90.10 of Elasticsearch with Graylog2 0.20. It is using the binary protocol and those are not generally compatible between versions, unfortunately.

This line:

org.elasticsearch.transport.RemoteTransportException: Failed to deserialize exception response from stream

is what gives the problem away: the protocol is different, so the Elasticsearch client cannot connect to the server. If you use 0.90.10 it will work.
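The check described in the answer above, as an added example that is not part of the original answer: it reads the version from the JSON that Elasticsearch returns on its HTTP root endpoint (port 9200) and looks for the quoted exception in the Graylog2 debug log. The sample response, the running version 1.0.1, the log lines and the function names are constructed for illustration.

```python
import json

# Exception text quoted in the answer above.
MISMATCH_SIGNATURE = "Failed to deserialize exception response from stream"
# Pairing stated in the answer: Graylog2 0.20 requires Elasticsearch 0.90.10.
REQUIRED_ES_VERSION = "0.90.10"


def es_version(root_response):
    """Return version.number from the JSON body of GET http://127.0.0.1:9200/."""
    return json.loads(root_response)["version"]["number"]


def diagnose(root_response, log_lines, required=REQUIRED_ES_VERSION):
    """Combine the running server version with the log signature."""
    running = es_version(root_response)
    # 1-based line numbers where the deserialization failure appears.
    hits = [n for n, line in enumerate(log_lines, 1) if MISMATCH_SIGNATURE in line]
    return {
        "running": running,
        "required": required,
        "version_ok": running == required,
        "signature_lines": hits,
        # Both conditions together point at the transport-protocol mismatch
        # rather than at a bind address or port problem.
        "likely_protocol_mismatch": running != required and bool(hits),
    }


# Constructed sample input (not taken from the question's logs).
SAMPLE_ROOT = (
    '{"status": 200, "name": "node-1", '
    '"version": {"number": "1.0.1"}, "tagline": "You Know, for Search"}'
)
SAMPLE_LOG = [
    "INFO : org.graylog2.Main - Graylog2 starting up.",
    "DEBUG: org.elasticsearch.transport.netty - connected to node",
    "org.elasticsearch.transport.RemoteTransportException: "
    "Failed to deserialize exception response from stream",
]

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_ROOT, SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To run it against a live setup, pass the body of a request to port 9200 as the first argument and the lines of the graylog2-server debug output as the second.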
