Hello guys
I’m having a problem connecting Grafana and Graylog.
It says “Elasticsearch error: Bad Gateway”.
I’m using Graylog and Elasticsearch on the same machine, which is Ubuntu.
Anyone who can help, please?
Hello @laale10 and welcome to the community
Here are a couple of links [1] [2] that could be helpful.
Otherwise, please share the whole Elasticsearch settings.
Hello @antonio, thanks for the reply.
I have seen the links and they didn’t help.
Here is my setup:
I’m using Graylog and Elasticsearch on the same machine; Graylog is the master.
Grafana is on another machine.
Elastic configuration:-
# ======================== Elasticsearch Configuration =========================
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
# Please consult the documentation for further information on configuration options:
# ---------------------------------- Cluster -----------------------------------
# Use a descriptive name for your cluster:
cluster.name: graylog
# ------------------------------------ Node ------------------------------------
# Use a descriptive name for the node:
#node.name: node-1
# Add custom attributes to the node:
#node.attr.rack: r1
# ----------------------------------- Paths ------------------------------------
# Path to directory where to store the data (separate multiple locations by comma):
path.data: /var/lib/elasticsearch
# Path to log files:
path.logs: /var/log/elasticsearch
# ----------------------------------- Memory -----------------------------------
# Lock the memory on startup:
#bootstrap.memory_lock: true
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
# Elasticsearch performs poorly when the system is swapping the memory.
# ---------------------------------- Network -----------------------------------
# Set the bind address to a specific IP (IPv4 or IPv6):
#network.host: 192.168.0.1
# Set a custom port for HTTP:
#http.port: 9200
# For more information, consult the network module documentation.
# --------------------------------- Discovery ----------------------------------
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#discovery.zen.ping.unicast.hosts: ["host1", "host2"]
# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
#discovery.zen.minimum_master_nodes:
# For more information, consult the zen discovery module documentation.
# ---------------------------------- Gateway -----------------------------------
# Block initial recovery after a full cluster restart until N nodes are started:
#gateway.recover_after_nodes: 3
# For more information, consult the gateway module documentation.
# ---------------------------------- Various -----------------------------------
# Require explicit names when deleting indices:
action.destructive_requires_name: false
Graylog configuration:-
############################
# GRAYLOG CONFIGURATION FILE
############################
# This is the Graylog configuration file. The file has to use ISO 8859-1/Latin-1 character encoding.
# Characters that cannot be directly represented in this encoding can be written using Unicode escapes
# as defined in .
# For example, \u002c.
# The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
# to use an absolute file path here if you are starting Graylog server from init scripts or similar.
node_id_file = /etc/graylog/server/node-id
# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
# Generate one by using for example: pwgen -N 1 -s 96
# ATTENTION: This value must be the same on all Graylog nodes in the cluster.
# Changing this value after installation will render all user sessions and encrypted values in the database invalid. (e.g. encrypted access tokens)
password_secret = VBC9MiBZZ2Mkye7VYq1D3zCCCvdxQJmzxsmBvdBMwsHcbtSxsg9kGL6YSIjDPHQxMMFzdoBhNPfmJ0Y3Vllx6RR3yjowcw4o
# The default root user is named 'admin'
#root_username = admin
# You MUST specify a hash password for the root user (which you only need to initially set up the
# system and in case you lose connectivity to your authentication backend)
# This password cannot be changed using the API or via the web interface. If you need to change it,
# modify it in this file.
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
root_password_sha2 = 66c74b936306c9927d418c5e1ccb3fa137d36c90f52ebf71100a189b9010f85c
# The email address of the root user.
# Default is empty
#root_email = ""
# The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
# Default is UTC
#root_timezone = UTC
# Set the bin directory here (relative or absolute)
# This directory contains binaries that are used by the Graylog server.
# Default: bin
bin_dir = /usr/share/graylog-server/bin
# Set the data directory here (relative or absolute)
# This directory is used to store Graylog server state.
# Default: data
data_dir = /var/lib/graylog-server
# Set plugin directory here (relative or absolute)
plugin_dir = /usr/share/graylog-server/plugin
###############
# HTTP settings
###############
# HTTP bind address
# The network interface used by the Graylog HTTP interface.
# This network interface must be accessible by all Graylog nodes in the cluster and by all clients
# using the Graylog web interface.
# If the port is omitted, Graylog will use port 9000 by default.
# Default: 127.0.0.1:9000
http_bind_address = 0.0.0.0:9000
#http_bind_address = [2001:db8::1]:9000
# HTTP publish URI
# The HTTP URI of this Graylog node which is used to communicate with the other Graylog nodes in the cluster and by all
# clients using the Graylog web interface.
# The URI will be published in the cluster discovery APIs, so that other Graylog nodes will be able to find and connect to this Graylog node.
# This configuration setting has to be used if this Graylog node is available on another network interface than $http_bind_address,
# for example if the machine has multiple network interfaces or is behind a NAT gateway.
# If $http_bind_address contains a wildcard IPv4 address (0.0.0.0), the first non-loopback IPv4 address of this machine will be used.
# This configuration setting must not contain a wildcard address!
# Default:
#http_publish_uri = http://192.168.1.1:9000/
# External Graylog URI
# The public URI of Graylog which will be used by the Graylog web interface to communicate with the Graylog REST API.
# The external Graylog URI usually has to be specified, if Graylog is running behind a reverse proxy or load-balancer
# and it will be used to generate URLs addressing entities in the Graylog REST API (see $http_bind_address).
# When using Graylog Collector, this URI will be used to receive heartbeat messages and must be accessible for all collectors.
# This setting can be overridden on a per-request basis with the "X-Graylog-Server-URL" HTTP request header.
# Default: $http_publish_uri
#http_external_uri =
# Enable CORS headers for HTTP interface
# This allows browsers to make Cross-Origin requests from any origin.
# This is disabled for security reasons and typically only needed if running graylog
# with a separate server for frontend development.
# Default: false
#http_enable_cors = false
# Enable GZIP support for HTTP interface
# This compresses API responses and therefore helps to reduce
# overall round trip times. This is enabled by default. Uncomment the next line to disable it.
#http_enable_gzip = false
# The maximum size of the HTTP request headers in bytes.
#http_max_header_size = 8192
# The size of the thread pool used exclusively for serving the HTTP interface.
#http_thread_pool_size = 16
################
# HTTPS settings
################
# Enable HTTPS support for the HTTP interface
# This secures the communication with the HTTP interface with TLS to prevent request forgery and eavesdropping.
# Default: false
#http_enable_tls = true
# The X.509 certificate chain file in PEM format to use for securing the HTTP interface.
#http_tls_cert_file = /path/to/graylog.crt
# The PKCS#8 private key file in PEM format to use for securing the HTTP interface.
#http_tls_key_file = /path/to/graylog.key
# The password to unlock the private key used for securing the HTTP interface.
#http_tls_key_password = secret
# Comma separated list of trusted proxies that are allowed to set the client address with X-Forwarded-For
# header. May be subnets, or hosts.
#trusted_proxies = 127.0.0.1/32, 0:0:0:0:0:0:0:1/128
# List of Elasticsearch hosts Graylog should connect to.
# Need to be specified as a comma-separated list of valid URIs for the http ports of your elasticsearch nodes.
# If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that
# requires authentication.
# Default: http://127.0.0.1:9200
#elasticsearch_hosts = http://node1:9200,http://user:password@node2:19200
#elasticsearch_hosts =
# Maximum number of attempts to connect to elasticsearch on boot for the version probe.
# Default: 0, retry indefinitely with the given delay until a connection could be established
#elasticsearch_version_probe_attempts = 5
# Waiting time in between connection attempts for elasticsearch_version_probe_attempts
# Default: 5s
#elasticsearch_version_probe_delay = 5s
# Maximum amount of time to wait for successful connection to Elasticsearch HTTP port.
# Default: 10 Seconds
#elasticsearch_connect_timeout = 10s
# Maximum amount of time to wait for reading back a response from an Elasticsearch server.
# (e. g. during search, index creation, or index time-range calculations)
# Default: 60 seconds
#elasticsearch_socket_timeout = 60s
# Maximum idle time for an Elasticsearch connection. If this is exceeded, this connection will
# be tore down.
# Default: inf
#elasticsearch_idle_timeout = -1s
# Maximum number of total connections to Elasticsearch.
# Default: 200
#elasticsearch_max_total_connections = 200
# Maximum number of total connections per Elasticsearch route (normally this means per
# elasticsearch server).
# Default: 20
#elasticsearch_max_total_connections_per_route = 20
# Maximum number of times Graylog will retry failed requests to Elasticsearch.
# Default: 2
#elasticsearch_max_retries = 2
# Enable automatic Elasticsearch node discovery through Nodes Info,
# WARNING: Automatic node discovery does not work if Elasticsearch requires authentication, e. g. with Shield.
# Default: false
#elasticsearch_discovery_enabled = true
# Filter for including/excluding Elasticsearch nodes in discovery according to their custom attributes,
# Default: empty
#elasticsearch_discovery_filter = rack:42
# Frequency of the Elasticsearch node discovery.
# Default: 30s
elasticsearch_discovery_frequency = 30s
# Set the default scheme when connecting to Elasticsearch discovered nodes
# Default: http (available options: http, https)
#elasticsearch_discovery_default_scheme = http
#elasticsearch_discovery_default_scheme = https
# Enable payload compression for Elasticsearch requests.
# Default: false
#elasticsearch_compression_enabled = true
# Enable use of "Expect: 100-continue" Header for Elasticsearch index requests.
# If this is disabled, Graylog cannot properly handle HTTP 413 Request Entity Too Large errors.
# Default: true
#elasticsearch_use_expect_continue = true
# Graylog will use multiple indices to store documents in. You can configure the strategy it uses to determine
# when to rotate the currently active write index.
# It supports multiple rotation strategies, the default being "count":
# Provides a hard upper limit for the retention period of any index set at configuration time.
# This setting is used to validate the value a user chooses for the maximum number of retained indexes, when configuring
# an index set. However, it is only in effect, when a time-based rotation strategy is chosen.
# If a rotation strategy other than time-based is selected and/or no value is provided for this setting, no upper limit
# for index retention will be enforced. This is also the default.
max_index_retention_period = P90d
# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
# to your previous 1.x settings so they will be migrated to the database!
# This configuration setting is only used on the first start of Graylog. After that,
# index related settings can be changed in the Graylog web interface on the 'System / Indices' page.
# (Approximate) maximum number of documents in an Elasticsearch index before a new index
# is being created, also see no_retention and elasticsearch_max_number_of_indices.
# Configure this if you used 'rotation_strategy = count' above.
# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
# to your previous 1.x settings so they will be migrated to the database!
# This configuration setting is only used on the first start of Graylog. After that,
# index related settings can be changed in the Graylog web interface on the 'System / Indices' page.
elasticsearch_max_docs_per_index = 20000000
# (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see
# no_retention and elasticsearch_max_number_of_indices. Default is 1GB.
# Configure this if you used 'rotation_strategy = size' above.
# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
# to your previous 1.x settings so they will be migrated to the database!
# This configuration setting is only used on the first start of Graylog. After that,
# index related settings can be changed in the Graylog web interface on the 'System / Indices' page.
#elasticsearch_max_size_per_index = 1073741824
# (Approximate) maximum time before a new Elasticsearch index is being created, also see
# no_retention and elasticsearch_max_number_of_indices. Default is 1 day.
# Configure this if you used 'rotation_strategy = time' above.
# Please note that this rotation period does not look at the time specified in the received messages, but is
# using the real clock value to decide when to rotate the index!
# Specify the time using a duration and a suffix indicating which unit you want:
#  1w = 1 week
#  1d = 1 day
#  12h = 12 hours
# Permitted suffixes are: d for day, h for hour, m for minute, s for second.
# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
# to your previous 1.x settings so they will be migrated to the database!
# This configuration setting is only used on the first start of Graylog. After that,
# index related settings can be changed in the Graylog web interface on the 'System / Indices' page.
#elasticsearch_max_time_per_index = 1d
# Optional upper bound on elasticsearch_max_time_per_index
elasticsearch_max_write_index_age = 1d
# Disable checking the version of Elasticsearch for being compatible with this Graylog release.
# WARNING: Using Graylog with unsupported and untested versions of Elasticsearch may lead to data loss!
#elasticsearch_disable_version_check = true
elasticsearch_disable_version_check = true
elasticsearch_version = 7
# Disable message retention on this node, i. e. disable Elasticsearch index rotation.
#no_retention = false
# How many indices do you want to keep?
# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
# to your previous 1.x settings so they will be migrated to the database!
# This configuration setting is only used on the first start of Graylog. After that,
# index related settings can be changed in the Graylog web interface on the 'System / Indices' page.
elasticsearch_max_number_of_indices = 20
# Decide what happens with the oldest indices when the maximum number of indices is reached.
# The following strategies are available:
# How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices.
# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
# to your previous settings so they will be migrated to the database!
# This configuration setting is only used on the first start of Graylog. After that,
# index related settings can be changed in the Graylog web interface on the 'System / Indices' page.
elasticsearch_shards = 4
elasticsearch_replicas = 0
# Prefix for all Elasticsearch indices and index aliases managed by Graylog.
# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
# to your previous settings so they will be migrated to the database!
# This configuration setting is only used on the first start of Graylog. After that,
# index related settings can be changed in the Graylog web interface on the 'System / Indices' page.
# Also see
elasticsearch_index_prefix = graylog
# Name of the Elasticsearch index template used by Graylog to apply the mandatory index mapping.
# Default: graylog-internal
# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
# to your previous settings so they will be migrated to the database!
# This configuration setting is only used on the first start of Graylog. After that,
# index related settings can be changed in the Graylog web interface on the 'System / Indices' page.
#elasticsearch_template_name = graylog-internal
# Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only
# be enabled with care. See also:
allow_leading_wildcard_searches = false
# Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and
# should only be enabled after making sure your Elasticsearch cluster has enough memory.
allow_highlighting = false
# Analyzer (tokenizer) to use for message and full_message field. The "standard" filter usually is a good idea.
# All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom
# Elasticsearch documentation:
# Note that this setting only takes effect on newly created indices.
Try increasing the verbosity of the Grafana server logs to debug
and note any errors. For printing to console, set the console logs to debug
as well.
Also, when you try to save and test the datasource connection, you can open up your browser’s developer tools and look at the network
tab. That can often include useful information about network connection issues.
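A check that can be run against the elasticsearch.yml posted earlier in the thread (an added example, not code from any participant or from the Elasticsearch, Graylog or Grafana projects): it resolves which address the Elasticsearch HTTP port binds to. With `network.host` left commented out, Elasticsearch listens on loopback only, so a Grafana server on another machine cannot reach port 9200. `POSTED_YML` is a constructed excerpt of the posted file, the function names are hypothetical, and the exposure flag assumes Elasticsearch 7.x, where security is off unless `xpack.security.enabled: true` is set.

```python
import ipaddress

# Constructed sample: active and commented-out settings from the posted file.
POSTED_YML = """\
cluster.name: graylog
#network.host: 192.168.0.1
#http.port: 9200
action.destructive_requires_name: false
"""

def active_settings(text):
    """Flat 'key: value' settings; commented-out and blank lines are ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip()
    return settings

def as_list(value):
    """Accept a scalar or an inline YAML list such as ["_local_", "_site_"]."""
    items = value.strip("[]").split(",")
    return [i.strip().strip("'\"") for i in items if i.strip()]

def is_loopback(entry):
    if entry in ("_local_", "localhost"):
        return True
    try:
        return ipaddress.ip_address(entry).is_loopback
    except ValueError:
        return False  # hostname or special value such as _site_ / _global_

def http_listener(text):
    """Resolve the HTTP bind setting the way Elasticsearch falls back:
    http.bind_host -> http.host -> network.bind_host -> network.host -> _local_."""
    s = active_settings(text)
    for key in ("http.bind_host", "http.host", "network.bind_host", "network.host"):
        if key in s:
            hosts = as_list(s[key])
            break
    else:
        key, hosts = "default", ["_local_"]
    loopback_only = all(is_loopback(h) for h in hosts)
    # Assumption: Elasticsearch 7.x, where security is off unless enabled.
    secured = s.get("xpack.security.enabled", "false") == "true"
    return {
        "source": key, "hosts": hosts,
        "port": s.get("http.port", "9200"),
        "loopback_only": loopback_only,  # True: other machines cannot connect
        "unauthenticated_exposure": not loopback_only and not secured,
    }
```

If the bind address is changed so that Grafana can connect, `unauthenticated_exposure` shows whether port 9200 would then accept requests from the network without credentials; restrict it with a firewall rule or enable security before opening it.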