[0.9.6] Deleted Logs, Home Page now says: Sorry, Something went wrong

Hello All,

I am using an older Graylog that has been running for awhile. We had a problem with rsyslog that I recently fix, but I had a ton of logs that were future dated. I decided to use a simple curl command to remove a large chunk of them:

curl -XDELETE 'subdomain.domain.com:9200/graylog2/message/_query' -d '{"range":{"created_at" : {"from":1514764798, "to":1514764801}}}'

This worked really well and the ElasticSearch server is much happier… BUT, I seem to have broken the Home page for Graylog. I now receive an error on the page that says: Sorry, but something went wrong.

This seem to be isolated the the messages/home page as all of my streams continue to work as we continue to ingest new logs.

Does anyone remember on this older revision on how something like this can be fixed?

Thank you.

Did you run “recalculate index range” after you modified the elasticsearch index outside of graylog?

Ok, I did find some information online about doing such a thing. I even found a URL with a rebuild command. But I don’t think I could find anywhere to make that work. Is that a feature supported on 0.9.6? What would be your advice on how to carry out that particular function? Perhaps I was doing wrong.

sorry I do not know if that was available in that ancient version. It is available in the current stable version and supported since 2.x

For the current one, is it something akin to going OR curl’ing a URL like this:

http://subdomain.domain.com/system/indices/ranges/rebuild

This is what I used that didn’t seem to go anywhere.

What exactly did you do with this URI?

FWIW, Graylog 0.9.6 didn’t have the concept of index ranges yet, so I’m not sure what you’re trying to achieve. You can try searching the logs of your Graylog node for hints about your issue.

As @jan already said, Graylog 0.9.6 is ancient (it’s 6 years old) and not supported in any way.

Please do yourself a favor and upgrade (or rather rebuild) your Graylog cluster to a more recent version. I heard Graylog 1.0.0 was very good. :wink:

I tried the literal approach and just dropped it in a web browser. Then I attempted the following with no success

curl -XPOST http://subdomain.domain.com:PORT/system/indices/ranges/rebuild

Also tried with HTTPS, then without https and just the raw domain, then at other ports on the systems config, also tried using:

--user user:password

Flag to authenticate.

There’s a reason this doesn’t work:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.