@mntbighker I’ve not forgotten about this–it’s just taken longer than I expect because my normal day-to-day duties have kept me pretty busy. I want to ensure I understand what you’re expecting to see. My read is that you’re expecting to see the renamed Graylog indices (both those prefixed w/ graylog- and gl_) just show show up in Graylog–is accurate? If so, there’s additional steps that have to happen for an index to show up in Graylog, and those additional steps are what I was unaware of earlier in the post.
I’ll start this this: while an index can be snapshotted and restored to Graylog, Graylog on its own has no concept that the index exists, effectively resulting in it not being visible in the UI. That’s because an index set is required to inform Graylog that the index exists and should be read by Graylog. Graylog’s a bit dumb in this respect.
So let me walk through the test that I set up. I started by doing a pretty standard snapshot:
curl -X PUT "localhost:9200/_snapshot/my_backup/snapshot_1?wait_for_completion=true&pretty" -H 'Content-Type: application/json' -d '
{
"indices": "graylog_1",
"ignore_unavailable": true,
"include_global_state": false,
"metadata": {
"taken_by": "aaron",
"taken_because": "testing for community issue",
"date": "2021-04-09"
}
}
'
No issue there.
I then restored the snapshot to another Graylog deployment:
curl -X POST "192.168.156.181:9200/_snapshot/my_backup/snapshot_1/_restore?pretty" -H 'Content-Type: application/json' -d'
{
"indices": "graylog_1",
"ignore_unavailable": true,
"include_global_state": "false",
"rename_pattern": "graylog_(.+)",
"rename_replacement": "test_graylog_$1",
"include_aliases": false
}
'
Again, no issue. I double checked to see that the indices existed in the cluster:
curl "localhost:9200/_cat/indices?pretty"
green open restored_graylog_1 _5KCzSLnSG6HWVq1KOz8IA 4 0 20000601 0 7gb 7gb
green open test_graylog_1 VKDk6ZQ3Qq6R0Ytnp0G0Ew 4 0 20000601 0 7gb 7gb
Excellent–the indices exist, but they’re not showing up in Graylog:
So I created a new index set:
I’ll note that after saving, I could see the index set, but it didn’t seem to indicate that there was anything there until I clicked on it:
So the missing piece is indeed the Index Set–did you happen to try adding one for the graylog_ prefixed indices that you restored to see if that enabled the indices to show up?