Hi Guys,
When I got the journal log is full message (over 5GB)
I stop graylog- server and delete the log and index file in /var/lib/graylog-server/journal/messagejournal-0/ folder
after done this I restart graylog server then I can not got any new incoming log…
But the journal log has created normally.
How can I fix this ?
Graylog Version : 4.2.8+c9edd92, codename Noir
Hello,
If you journal fills up that means something was wrong with your graylog instance. You may have other issues, to many to list here.
Best bet is to dig through you Logs files for Graylog and Elasticsearch. Perhaps some curl command to find out if elasticsearch is functioning correctly . If so, then I would restart Graylog service and Tail its log file /var/log/graylog-server try to find out anything on what’s going on.
Not much I can do here to help. You need to show more information.
Hi gsmith,
Finally I found the root case is :
I just deleted /var/lib/graylog-server/journal/messagejournal-0/ <= only this folder
It can let garylog can not get incoming log.
I tried to delete the /var/lib/graylog-server/journal/* then the system work normally!!
Thanks a lot.
@ericwu
That’s great I’m glad you resolved you issue, but in a productive environment this would be a bad idea deleting Logs/Messages from the journal. I really would find out why/what made this happen.
If you could mark this post as resolved for future searches that would be great 
@gsmith
The maximum journal log size is 5G and max age is 12h.
I think this was not enough for my system.
I just change to 10G and 6h.
Thanks for you reply and help.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
