Elasticsearch becomes readonly everyday for unknown reason

badihi · August 11, 2020, 8:05am

Hello there,
Graylog is so unstable and useless for me these days, as it suddenly stops to index messages in elasticsearch, because it becomes readonly. I cannot understand the reason, as there is plenty of space on the disk and the problem resolves immediately after executing the following command on the docker shell:

curl -XPUT -H "Content-Type: application/json" http://localhost:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}'

After that, all the logs sent during down time is lost and is not accessible. This is completely unacceptable for an infrastructural system like this to be so unstable and unreliable.

What is the problem with that? How can I find and resolve it? And how can I restore my lost data?

makarands · August 11, 2020, 1:07pm

@badihi Please share your Graylog server.log and the resources allocated for Graylog and Elasticsearch for preliminary checks.

zoulja · August 11, 2020, 5:54pm

It seems you find this magic command from your initial debug(probably elasticsearch logs). Would you mind to share these logs with us, good sir?

system · August 25, 2020, 5:54pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog does not search! Graylog Central (peer support)	15	3502	July 4, 2019
Problem with elasticseach Graylog Central (peer support)	7	690	July 9, 2020
Indexer Failures NEW Graylog Central (peer support)	5	9289	June 4, 2019
Graylog elasticsearch -problem Graylog Central (peer support)	2	798	March 4, 2020
Graylog stops processing messages seemingly at random times Graylog Central (peer support)	7	1845	June 19, 2020

Elasticsearch becomes readonly everyday for unknown reason

Related topics