You can setup X-Pack extension or some other monitoring tool to Elasticsearch. They will show where the problem lies.
It seems like you have only one shard? You could start by trying to set up Graylog index retention settins so that the shard size would be about 20-40G. This writing tells about some ES settings, including a rule-of-thumb for how much RAM you need: https://www.elastic.co/blog/how-many-shards-should-i-have-in-my-elasticsearch-cluster
Other than that the documents are pretty scattered. The monitoring tools are the best bet.
And, to your last question: if the data is corrupt, as it seems according to the result, delete the index:
- if you do not have an index graylog_1 already, then go to Graylog UI and manually rotate index.
- Delete the index graylog_0 from the Graylog UI.
(if the step 2 does not work, you cancurl -XDELETE http://ip:9200/graylog_0
)