Tag: graylog
-
Graylog – Node Appears/Disappears
ANOTHER graylog issue 😀 yeah In the UI you could see the graylog node appearing, and disappearing again. It also showed the message “no leader”. BUT, looking at opensearch, you can see the data still comming in. So what happened? Basically, graylog changed some stuff without telling us, so now it want’s to talk to…
-
Opensearch – Yellow / Top Queries
With an update of opensearch there suddenly is a new index called top_queries-xxxx. This will turn yellow on a single-node cluster, as it want’s two replicase. Apperantely, it’s not in the interest of opensearch, to create stuff, that works with their own software. So we have to fix it ourtselfs. Once again. Luckely this is…
-
Graylog fix wrong field type
Sometimes you’ll get a indexing error, because the field type couldn’t be matched. This will look something like this: You can fix this, by changing the mapping in opensearch. Usually you do this directely on the index, but with roating indexes like in graylog, this won’t work. That’s why we need to create a template,…
-
Elasticsearch 2 Opensearch
You might want to move from elasticsearch to opensearch due to the changes of graylog 5.I was at the same position. We currently deploy mostly single-node standalone environments. This procedure is suited for those environments. 1. Step – Update Mongodb We are upgrading from 4.2 to 6.0. This can only be done with steps between…
-
Fix Graylog Watermark
If you monitor your graylog server already and use a single node instance, there is no real need for a watermark on your open/elasticsearch server. Here you go:
-
Graylog Migration
How The easiest way to migrate a graylog instance, is to build a new one and migrate elasticsearch data by combining the two elasticsearch nodes to a cluster and replicating all data. Which issues will I have? Hopefully none 😀 But realistically, you will have to reinstall content-packs or at least clone & delete all…