Elasticsearch becomes readonly everyday for unknown reason

Hello there,
Graylog is so unstable and useless for me these days, as it suddenly stops to index messages in elasticsearch, because it becomes readonly. I cannot understand the reason, as there is plenty of space on the disk and the problem resolves immediately after executing the following command on the docker shell:

curl -XPUT -H "Content-Type: application/json" http://localhost:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}'

After that, all the logs sent during down time is lost and is not accessible. This is completely unacceptable for an infrastructural system like this to be so unstable and unreliable.

What is the problem with that? How can I find and resolve it? And how can I restore my lost data?

@badihi Please share your Graylog server.log and the resources allocated for Graylog and Elasticsearch for preliminary checks.

It seems you find this magic command from your initial debug(probably elasticsearch logs). Would you mind to share these logs with us, good sir?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.