Could not Execute Search Index Missing

GTownson · August 30, 2017, 10:14am

Hi, so my Ubuntu VM had 100% disk usage which caused Elastic Search to stop working, so I deleted a load of old indices and then started Graylog and Elastic Search. Once the Graylog web UI was back up I proceeded to recalculate the index ranges and now I can’t search. Please see below for the error I am getting (The top error is from the Web UI itself and the bottom error is from my Graylog log files).

Could not execute search
There was an error executing your search. Please check your Graylog server logs for more information.
    Error Message:
    Unable to perform search query. Index not found for query: graylog_25. Try recalculating your index ranges.
    Details:
    Index not found for query: graylog_25. Try recalculating your index ranges.
    Search status code:
    500
    Search response:
    cannot GET http://x.x.x.x:9000/api/search/universal/relative?query=%2A&range=300&limit=150&sort=timestamp%3Adesc (500)





Index not found for query: graylog_25. Try recalculating your index ranges. (IndexNotFoundException)
2017-08-30T11:12:08.741+01:00 ERROR [AlertScanner] Skipping alert check <facility/42d3c2ff-0941-4e30-a775-d11a4d67238c>: Unable to perform search query.

Index not found for query: graylog_25. Try recalculating your index ranges. (IndexNotFoundException)

Cheers,
G

jochen · August 30, 2017, 10:37am

First of all, you shouldn’t just delete indices. Make sure to monitor the disk usage of your Elasticsearch and Graylog VMs properly.

Try rotating the active write index of your index sets (System/Indices/Index Set/Maintenance).

GTownson · August 30, 2017, 11:48am

I had to delete them, the disk usage hit 100% and Graylog wouldn’t start. I have now changed the retention strategy to stop this from repeating. I also rotated the active write index and that didn’t resolve the issue, I’m not sure what else to do?

Cheers,
G

jochen · August 30, 2017, 12:23pm

Drop or purge the index_ranges collection in MongoDB and recalculate the index ranges via the Graylog web interface.

GTownson · August 30, 2017, 7:35pm

I’ll sort this out in the morning then, thanks. Also what is the best practice when a VM’s memory fills up and space needs to be created? Previously I have just stopped all the services and deleted the oldest indices.

Cheers,

G

jochen · August 30, 2017, 9:10pm

Just configure a sensible rotation and retention strategy in Graylog (System / Indices / Index Set) to automatically delete old indices.

system · September 13, 2017, 9:11pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to perform search query Index Graylog Central (peer support)	4	1936	July 29, 2019
Could not Execute Search and Cannot caluclate index range Graylog Central (peer support)	4	4096	June 11, 2018
Could not execute search graylog Graylog Central (peer support)	2	4855	July 27, 2018
Could not execute search(Index not found for query) Graylog Central (peer support)	5	8627	August 12, 2019
Could not retreve global index stats & index sets? Graylog Central (peer support)	6	1367	September 3, 2019

Could not Execute Search Index Missing

Related topics