Recently I upgraded my graylog server to Graylog 2.3.0+. Post to the upgrade i don’t see any messages in my search query .
Please find the details below
[root@~]# yum info graylog-server | grep Version && yum info elasticsearch | grep Version
Version : 2.3.0
Version : 2.4.5
Version : 2.4.6
[root@infosec ~]# tail -f /var/log/graylog-server/server.log
2017-08-07T10:43:39.801Z INFO [HttpServer] [HttpServer] Started.
2017-08-07T10:43:39.801Z INFO [JerseyService] Started REST API at http://10.10.10.10:9000/api/
2017-08-07T10:43:39.801Z INFO [JerseyService] Started Web Interface at http://10.10.10.10:9000/
2017-08-07T10:43:39.807Z INFO [ServiceManagerListener] Services are healthy
2017-08-07T10:43:39.809Z INFO [ServerBootstrap] Services started, startup times in ms: {BufferSynchronizerService [RUNNING]=70, OutputSetupService [RUNNING]=129, KafkaJournal [RUNNING]=148, InputSetupService [RUNNING]=163, StreamCacheService [RUNNING]=292, JournalReader [RUNNING]=293, LookupTableService [RUNNING]=349, ConfigurationEtagService [RUNNING]=400, PeriodicalsService [RUNNING]=612, JerseyService [RUNNING]=19187}
2017-08-07T10:43:39.818Z INFO [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
2017-08-07T10:43:39.835Z INFO [ServerBootstrap] Graylog server up and running.
2017-08-07T10:43:39.851Z INFO [InputStateListener] Input [Raw/Plaintext UDP/59883f3a6e12cd103931e7cf] is now STARTING
2017-08-07T10:43:39.926Z WARN [NettyTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=srxlog, type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=dbb37c77-50c2-4036-9f30-be92ab10e4f6} should be 26214400 but is 212992.
2017-08-07T10:43:39.933Z INFO [InputStateListener] Input [Raw/Plaintext UDP/59883f3a6e12cd103931e7cf] is now RUNNING
Even i deleted the messages in journal . Still no luck
/var/lib/graylog-server/journal/messagejournal-0/