Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question. Don’t forget to select tags to help index your topic!
1. Describe your incident:
Hello,
It is strange, but I cannot see already sent Alerts in window “Alerts $ Events” although emails works correctly - I have received many of them. The problem started when I’ve changed “path.data” in elasticsearch.yml. Procedure was: 1. stop graylog and elasticsearch. 2. change “path.data”. 3 copy directory “nodes” to new place with proper permissions. 4 start everything.
After that, everything is correct, but alerts are not presented in “Alerts $ Events” window.
OS Information:
Linux 7
Package Version:
Graylog 4.2.9
3. What steps have you already taken to try and solve the problem?
4. How can the community help?
Could you help me to solve this issue? Thanks in advance.
did you also change path.logs? You didn’t mention it. there is an older post here that hits some details on process and permissions for moving Elasticsearch…
You may want to check MongoDb since it holds all your metadata… Check Date/time is correct on the server. Perhaps set the Alerts & Events to 7 Days to see if they show up.
Hello and thank you for yours answers. I checked permissions on files and directories - they were correct. Server is synchronized with time server. But I managed to find a solution. The solution was:
1 First I checked indices - they were all green.
2. Then I went to System->Indices. I rotated active indexes in “Graylog Events” and “Graylog System Events” and recalculated indexes ranges on old indices.
3. Alerts appeared in window “Alerts & Events”.
