Hi, This appears to be more of an ElasticSearch question, rather than a Graylog-specific question.
I'm going to guess that your ElasticSearch cluster doesn't have any (primary) shards replicated to the other nodes in the cluster. When you brought down one node, these shards were "lost" and ElasticSearch tells you this by setting the cluster status to 'red'. Graylog's default setting for ElasticSearch replicas (e.g. from https://github.com/Graylog2/graylog2-server/blob/2.0/misc/graylog.conf) is: --- elasticsearch_replicas = 0 --- Try setting this to: "elasticsearch_replicas = 1". HTH, Frederic On Saturday, May 21, 2016 at 9:16:09 AM UTC-7, HASIF M wrote: > > Hi All, > > > Please help me to create a 3 node Graylog cluster. All Instances are > running on CentOs 6.5. > > Node 1:- > > Graylog 2.0.1 > Elasticsearch 2.3.1 > MongoDB replica Set > > > Elastic config file:- > > cluster.name: graylog2 > > discovery.zen.ping.multicast.enabled: false > discovery.zen.ping.unicast.hosts: ["graylog1.local:9300", > "graylog2.local:9300", "graylog3.local:9300"] > discovery.zen.minimum_master_nodes: 2 > network.host: 192.168.1.128 > > Graylog config:- > > rest_listen_uri = http://0.0.0.0:12900/ > web_listen_uri = http://0.0.0.0:9000/ > elasticsearch_cluster_name = graylog2 > elasticsearch_discovery_zen_ping_unicast_hosts = graylog1.local:9300, > graylog2.local:9300, graylog3.local:9300 > elasticsearch_discovery_zen_ping_multicast_enabled = false > elasticsearch_network_host = 192.168.1.128 > mongodb_uri = > mongodb://graylog1.local:27017,graylog2.local:27017,graylog3.local:27017/graylog2 > > > Node 2:- > > Graylog 2.0.1 > Elasticsearch 2.3.1 > MongoDB replica Set > > Elastic config:- > cluster.name: graylog2 > > discovery.zen.ping.multicast.enabled: false > discovery.zen.ping.unicast.hosts: ["graylog1.local:9300", > "graylog2.local:9300", "graylog3.local:9300"] > discovery.zen.minimum_master_nodes: 2 > network.host: 192.168.1.129 > > Graylog config:- > > rest_listen_uri = http://0.0.0.0:12900/ > web_listen_uri = http://0.0.0.0:9000/ > elasticsearch_cluster_name = graylog2 > elasticsearch_discovery_zen_ping_unicast_hosts = graylog1.local:9300, > graylog2.local:9300, graylog3.local:9300 > elasticsearch_discovery_zen_ping_multicast_enabled = false > elasticsearch_network_host = 192.168.1.129 > mongodb_uri = > mongodb://graylog1.local:27017,graylog2.local:27017,graylog3.local:27017/graylog2 > > > Node 3:- > > Graylog 2.0.1 > Elasticsearch 2.3.1 > MongoDB replica Set > > > Elasitc config:- > cluster.name: graylog2 > > discovery.zen.ping.multicast.enabled: false > discovery.zen.ping.unicast.hosts: ["graylog1.local:9300", > "graylog2.local:9300", "graylog3.local:9300"] > discovery.zen.minimum_master_nodes: 2 > network.host: 192.168.1.130 > > Graylog config:- > > rest_listen_uri = http://0.0.0.0:12900/ > web_listen_uri = http://0.0.0.0:9000/ > elasticsearch_cluster_name = graylog2 > elasticsearch_discovery_zen_ping_unicast_hosts = graylog1.local:9300, > graylog2.local:9300, graylog3.local:9300 > elasticsearch_discovery_zen_ping_multicast_enabled = false > elasticsearch_network_host = 192.168.1.130 > mongodb_uri = > mongodb://graylog1.local:27017,graylog2.local:27017,graylog3.local:27017/graylog2 > > > ES Status when all three nodes are UP. > > [root@graylog1 ~]# curl -X GET ' > http://192.168.1.130:9200/_cluster/health?pretty=true' > { > "cluster_name" : "graylog2", > "status" : "green", > "timed_out" : false, > "number_of_nodes" : 6, > "number_of_data_nodes" : 3, > "active_primary_shards" : 8, > "active_shards" : 8, > "relocating_shards" : 0, > "initializing_shards" : 0, > "unassigned_shards" : 0, > "delayed_unassigned_shards" : 0, > "number_of_pending_tasks" : 0, > "number_of_in_flight_fetch" : 0, > "task_max_waiting_in_queue_millis" : 0, > "active_shards_percent_as_number" : 100.0 > } > > > > > i am trying to create HA cluster, but my problem is, if any one node goes > down my elasticsearch status showing RED and throwing below error in log > file. > > Status when any node goes down:- > > [root@graylog1 ~]# curl -X GET ' > http://192.168.1.130:9200/_cluster/health?pretty=true' > { > "cluster_name" : "graylog2", > "status" : "red", > "timed_out" : false, > "number_of_nodes" : 5, > "number_of_data_nodes" : 2, > "active_primary_shards" : 5, > "active_shards" : 5, > "relocating_shards" : 0, > "initializing_shards" : 0, > "unassigned_shards" : 3, > "delayed_unassigned_shards" : 0, > "number_of_pending_tasks" : 0, > "number_of_in_flight_fetch" : 0, > "task_max_waiting_in_queue_millis" : 0, > "active_shards_percent_as_number" : 62.5 > } > > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/4295e06c-69bd-485d-b089-3da7a1e10aa5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.