Graylog 2.2.0-beta.1 in Docker with UDP input: Unable to load default stream

I’m trying to use graylog2 to collect logs from docker containers. Docs says that only UDP GELF input is supported for this purpose.
I’m using docker-compose to run the graylog server. See gist for all files used: https://gist.github.com/olegabr/7f5190c453bb63c71dabf151d2373c2f.

And I’m using this command to test it:

sendip -p ipv4 -is 127.0.0.1 -p udp -us 5070 -ud 12201 -d '{"version": "1.1","host":"example.org","short_message":"Short message","full_message":"Backtrace here\n\nmore stuff","level":1,"_user_id":9001,"_some_info":"foo","_some_env_var":"bar"}' -v 127.0.0.1

  • Docker CentOS 7 cannot write to /var/logs/
  • Docker Beta on Mac : Cannot use ip to access nginx container
  • How to get all Docker containers even the ones who aren't running?
  • Is this possible to tag latest to multiple images in docker?
  • Start docker-machine On Boot
  • Modify NODE_ENV accordingly
  • Server receives this message, but it can not process it. I see following in the graylog2 logs:

    2016-12-09 11:53:20,125 WARN : org.graylog2.bindings.providers.DefaultStreamProvider - Unable to load default stream, tried 1 times, retrying every 500ms. Processing is blocked until this succeeds.
    2016-12-09 11:53:25,129 WARN : org.graylog2.bindings.providers.DefaultStreamProvider - Unable to load default stream, tried 11 times, retrying every 500ms. Processing is blocked until this succeeds.

    e.t.c. many many similar lines.

    The API call curl http://admin:123456@127.0.0.1:9000/api/count/total returns

    {"events":0}

    In the server logs I see that the default stream was initialized:

    mongo_1 | 2016-12-09T11:51:12.522+0000 I INDEX [conn3] build index on: graylog.pipeline_processor_pipelines_streams properties: { v: 2, unique: true, key: { stream_id: 1 }, name: "stream_id_1", ns: "graylog.pipeline_processor_pipelines_streams" }
    graylog_1 | 2016-12-09 11:51:13,408 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration] periodical, running forever.
    graylog_1 | 2016-12-09 11:51:13,424 INFO : org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration - Legacy default stream has no connections, no migration needed.
    graylog_1 | 2016-12-09 11:51:13,487 INFO : org.graylog2.migrations.V20160929120500_CreateDefaultStreamMigration - Successfully created default stream: All messages
    graylog_1 | 2016-12-09 11:51:13,653 INFO : org.graylog2.migrations.V20161125142400_EmailAlarmCallbackMigration - No streams needed to be migrated.
    graylog_1 | 2016-12-09 11:51:13,662 INFO : org.graylog2.migrations.V20161125161400_AlertReceiversMigration - No streams needed to be migrated.
    graylog_1 | 2016-12-09 11:51:13,672 INFO : org.graylog2.migrations.V20161130141500_DefaultStreamRecalcIndexRanges - Cluster not connected yet, delaying migration until it is reachable.

    So, why it can not be loaded when the message arrives? Why it is needed in the first place?

    I’ve tried to find similar reports in web but with no success.

  • Data Lake Infrastructure
  • Connecting to SQL Server Express from within Docker Container gives an error occurred evaluating the password
  • how to redirect no-www to www under jwilder/nginx-proxy?
  • Run Node.js forked processes in Docker containers
  • Can I extend docker-compose files?
  • Virtual Box on Windows while using Docker
  • 2 Solutions collect form web for “Graylog 2.2.0-beta.1 in Docker with UDP input: Unable to load default stream”

    This has nothing to do with the UDP input per se.

    Graylog 2.2.0-beta.1 is broken and shouldn’t be used. Please downgrade to Graylog 2.1.2 (the latest stable version) or wait for Graylog 2.2.0-beta.2.

    See https://groups.google.com/forum/#!searchin/graylog2/docker|sort:date/graylog2/gCycC3_K3vU/EL-Lz_uNDQAJ for a related post on the Graylog mailing list.

    same trouble
    just setup graylog and configure input gelf udp 12209 port

    then test it twice by:

    docker run –log-driver=gelf –log-opt gelf-address=udp://127.0.0.1:12209 busybox echo Hello Graylog

    in UI i saw:

    2 messages in process buffe
    2 unprocessed messages are currently in the journal, in 1 segments.
    0 messages have been appended in the last second, 0 messages have been read in the last second.

    and still getting:

    2016-12-09 12:41:23,715 INFO : org.graylog2.inputs.InputStateListener – Input [GELF UDP/584aa67308813b00010d009e] is now RUNNING
    2016-12-09 12:41:43,666 WARN : org.graylog2.bindings.providers.DefaultStreamProvider – Unable to load default stream, tried 1 times, retrying every 500ms. Processing is blocked until this succeeds.

    anyone have found solution ?

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.