Could not Execute Search and Cannot caluclate index range

The Search page displays the error:

Could not Execute Search
Error Message: Unable to perform search query. Index not found for query: graylog_211. Try recalculating your index ranges.
Details: Index not found for query: graylog_211. Try recalculating your index ranges.

I have tried:

1. Stopping graylog, deleting the graylog_deflector index, and restarting graylog

2. System/Indices > Maintenance > Recalculate index ranges

Graylog log messages during the recalculation seemingly cannot calculate the range of any index – they say either “org.graylog2.indexer.ElasticsearchException: Couldn’t read health status for index graylog_107” or “org.graylog2.indexer.IndexNotFoundException: Couldn’t build index range of index graylog_7 because it doesn’t exist.”

Using Graylog 2.3.2 and Elasticsearch 5.6.7.

How can I reset the indices to have the ability to search my logs and setup alerts for the different streams?

Thanks!

You can try dropping/deleting the “index_ranges” collection in MongoDB and recalculate index ranges via the web interface (System/Indices > Maintenance > Recalculate index ranges).

Thanks for the quick response!

I dropped the “index_ranges” collection in MongoDB, and then used the web interface to Recalculate index ranges.

The graylog log had many exceptions:

org.graylog2.indexer.ElasticsearchException: Couldn’t read health status for index graylog_107
org.graylog2.indexer.IndexNotFoundException: Couldn’t build index range of index graylog_7 because it doesn’t exist

The recalculate job took >30 minutes, and when it completed I still can’t see the search results:

Nothing found in stream All messages

But there are ~78 messages/second coming into the stream.

A post was split to a new topic: Unable to connect to Elasticsearch

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.