Deflector exists as an index and is not an alias. AGAIN!

(Mike) #1

Just built a brand new ubuntu vm from scratch and installed per and I have tried 6 ways from sunday to delete the graylog_deflector index but nothing works and it keeps recreating it w/ the same name

any ideas

(Mike) #2

I tried creating a new index but it never comes back after trying to set default. I can see the graylog_deflector index growing over time so I have it populating … tried creating a new stream and a new index but wasnt clear on how to set it up for all messages. Maybe I just need to use the OVA and give up on this custom ubuntu server ?

(Mike) #3

I installed with the OVA and got graylog working … would rather use the vm tho so if anybody knows what is missing in the ubuntu build I’d appreciate it.

(Jan Doberstein) #4

Hej @mikejdunphy

you might want to elaborate on your issue. The questions that are left on your information:

  • did you experience that no new index in elasticsearch are created?
  • are at any time no indices available and only graylog_deflector?
  • how did you check that?
  • did you find anything in the Graylog server.log?
  • does a manual rotate help?

(Mike) #5

Thanks for the reply

I did not wait for the index to fill up so I never saw any new index other then the graylog deflector.

I checked it with curl ‘localhost:9200/_cat/indices?v’

I did not find anything in the graylog server log.

curl -XPOST did not manually rotate the index.

For now as I have posted I have bagged this vm and installed the OVA and it is working fine.


(Jan Doberstein) #6

without the log file that might explain what had happen from Graylog view it’s hard to tell what had happened, as this is not a usual problem.

(system) closed #7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.