If you are viewing each index under system>indices>select index, there is a line under the current “active write index” that states the number of segments, open search contexts, and deleted messages.
What does “deleted messages” mean and why are they being deleted?
“Deleted messages” are, well, messages that have been deleted in Elasticsearch.
Graylog itself doesn’t ever delete messages, so it has to be some external process deleting the documents in Elasticsearch directly.
The information itself comes from the Elasticsearch Indices Stats.
Thank you for the clarification. I wanted to make sure that the messages that were being deleted weren’t ones sitting in the journal and that they were actually making it into the Index.
Now off to solve why they are being deleted…
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
