Graylog 2.2.0-beta.1 in Docker with UDP input: Unable to load default stream

I’m trying to use graylog2 to collect logs from docker containers. The docs say that only UDP GELF input is supported for this purpose.
I’m using docker-compose to run the graylog server. See gist for all files used: https://gist.github.com/olegabr/7f5190c453bb63c71dabf151d2373c2f.

And I’m using this command to test it:

    sendip -p ipv4 -is 127.0.0.1 -p udp -us 5070 -ud 12201 -d '{"version": "1.1","host":"example.org","short_message":"Short message","full_message":"Backtrace here\n\nmore stuff","level":1,"_user_id":9001,"_some_info":"foo","_some_env_var":"bar"}' -v 127.0.0.1

The server receives this message, but it cannot process it. I see the following in the graylog2 logs:

    2016-12-09 11:53:20,125 WARN : org.graylog2.bindings.providers.DefaultStreamProvider - Unable to load default stream, tried 1 times, retrying every 500ms. Processing is blocked until this succeeds.
    2016-12-09 11:53:25,129 WARN : org.graylog2.bindings.providers.DefaultStreamProvider - Unable to load default stream, tried 11 times, retrying every 500ms. Processing is blocked until this succeeds.

etc., many, many similar lines.

The API call curl http://admin:123456@127.0.0.1:9000/api/count/total returns

    {"events":0}

In the server logs I see that the default stream was initialized:

    mongo_1 | 2016-12-09T11:51:12.522+0000 I INDEX [conn3] build index on: graylog.pipeline_processor_pipelines_streams properties: { v: 2, unique: true, key: { stream_id: 1 }, name: "stream_id_1", ns: "graylog.pipeline_processor_pipelines_streams" }
    graylog_1 | 2016-12-09 11:51:13,408 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration] periodical, running forever.
    graylog_1 | 2016-12-09 11:51:13,424 INFO : org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration - Legacy default stream has no connections, no migration needed.
    graylog_1 | 2016-12-09 11:51:13,487 INFO : org.graylog2.migrations.V20160929120500_CreateDefaultStreamMigration - Successfully created default stream: All messages
    graylog_1 | 2016-12-09 11:51:13,653 INFO : org.graylog2.migrations.V20161125142400_EmailAlarmCallbackMigration - No streams needed to be migrated.
    graylog_1 | 2016-12-09 11:51:13,662 INFO : org.graylog2.migrations.V20161125161400_AlertReceiversMigration - No streams needed to be migrated.
    graylog_1 | 2016-12-09 11:51:13,672 INFO : org.graylog2.migrations.V20161130141500_DefaultStreamRecalcIndexRanges - Cluster not connected yet, delaying migration until it is reachable.

So, why can it not be loaded when the message arrives? Why is it needed in the first place?

I’ve tried to find similar reports on the web, but with no success.
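A plain UDP socket produces the same test datagram as the sendip command in the question, without crafting raw IP packets. The following is an added example, not part of the original post or of Graylog's code; the names `build_gelf` and `send_gelf` and the 8192-byte single-datagram limit are assumptions of this example, and the field checks follow the GELF 1.1 payload rules (three mandatory fields, additional fields prefixed with `_`, `_id` reserved).

```python
import json
import re
import socket
import zlib

# GELF 1.1 rules: three mandatory fields; extra fields start with "_",
# and "_id" is reserved.
REQUIRED = ("version", "host", "short_message")
STANDARD = REQUIRED + ("full_message", "timestamp", "level")
EXTRA_FIELD = re.compile(r"^_[\w.\-]+$")


def build_gelf(fields, compress=False):
    """Validate a GELF 1.1 dict and return the datagram payload bytes."""
    missing = [k for k in REQUIRED if not fields.get(k)]
    if missing:
        raise ValueError("missing required GELF fields: %s" % ", ".join(missing))
    if fields["version"] != "1.1":
        raise ValueError("version must be the string '1.1'")
    for key in fields:
        if key in STANDARD:
            continue
        if key == "_id" or not EXTRA_FIELD.match(key):
            raise ValueError("invalid additional field name: %r" % key)
    raw = json.dumps(fields, separators=(",", ":")).encode("utf-8")
    # Graylog's GELF UDP input accepts plain JSON as well as zlib-compressed JSON.
    return zlib.compress(raw) if compress else raw


def send_gelf(fields, host="127.0.0.1", port=12201, compress=False):
    """Send one unchunked GELF message over UDP; returns the bytes sent."""
    payload = build_gelf(fields, compress)
    if len(payload) > 8192:  # assumption: larger messages would need GELF chunking
        raise ValueError("payload too large for a single datagram in this example")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload, (host, port))


# Payload copied from the sendip command in the question.
SAMPLE = {
    "version": "1.1", "host": "example.org", "short_message": "Short message",
    "full_message": "Backtrace here\n\nmore stuff", "level": 1,
    "_user_id": 9001, "_some_info": "foo", "_some_env_var": "bar",
}

if __name__ == "__main__":
    print("sent %d bytes" % send_gelf(SAMPLE))
```

Because UDP gives no delivery feedback, a successful send only shows that the datagram left the client; whether Graylog processed it still has to be checked on the server side, as the question does with the message count.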

2 solutions collected from the web for “Graylog 2.2.0-beta.1 in Docker with UDP input: Unable to load default stream”

This has nothing to do with the UDP input per se.

Graylog 2.2.0-beta.1 is broken and shouldn’t be used. Please downgrade to Graylog 2.1.2 (the latest stable version) or wait for Graylog 2.2.0-beta.2.

See https://groups.google.com/forum/#!searchin/graylog2/docker|sort:date/graylog2/gCycC3_K3vU/EL-Lz_uNDQAJ for a related post on the Graylog mailing list.

Same trouble.
I just set up Graylog and configured a GELF UDP input on port 12209,

then tested it twice with:

    docker run --log-driver=gelf --log-opt gelf-address=udp://127.0.0.1:12209 busybox echo Hello Graylog

In the UI I saw:

    2 messages in process buffer
    2 unprocessed messages are currently in the journal, in 1 segments.
    0 messages have been appended in the last second, 0 messages have been read in the last second.

and I am still getting:

    2016-12-09 12:41:23,715 INFO : org.graylog2.inputs.InputStateListener - Input [GELF UDP/584aa67308813b00010d009e] is now RUNNING
    2016-12-09 12:41:43,666 WARN : org.graylog2.bindings.providers.DefaultStreamProvider - Unable to load default stream, tried 1 times, retrying every 500ms. Processing is blocked until this succeeds.

Has anyone found a solution?
