Deflector exists as an index and is not an alias. AGAIN!

Just built a brand new ubuntu vm from scratch and installed per and I have tried 6 ways from sunday to delete the graylog_deflector index but nothing works and it keeps recreating it w/ the same name

any ideas

I tried creating a new index but it never comes back after trying to set default. I can see the graylog_deflector index growing over time so I have it populating … tried creating a new stream and a new index but wasnt clear on how to set it up for all messages. Maybe I just need to use the OVA and give up on this custom ubuntu server ?

I installed with the OVA and got graylog working … would rather use the vm tho so if anybody knows what is missing in the ubuntu build I’d appreciate it.

Hej @mikejdunphy

you might want to elaborate on your issue. The questions that are left on your information:

  • did you experience that no new index in elasticsearch are created?
  • are at any time no indices available and only graylog_deflector?
  • how did you check that?
  • did you find anything in the Graylog server.log?
  • does a manual rotate help?

Thanks for the reply

I did not wait for the index to fill up so I never saw any new index other then the graylog deflector.

I checked it with curl ‘localhost:9200/_cat/indices?v’

I did not find anything in the graylog server log.

curl -XPOST did not manually rotate the index.

For now as I have posted I have bagged this vm and installed the OVA and it is working fine.


without the log file that might explain what had happen from Graylog view it’s hard to tell what had happened, as this is not a usual problem.

