Hi all. I am running Graylog 4.1 and I’ve had a failure with my single/only Elasticsearch node that unfortunately I think would be easier if I just rebuilt it from scratch. I’m not too concerned with the data there.
I’m assuming that if I connect Graylog to that rebuilt/blank Elasticsearch node that it won’t be happy (missing indexes, etc.) Is there some steps I can take on the Graylog server to clear its “memory” of the indexes so that I can start over with creating/rotating them?
Just to clarify Graylog’s Metadata ( AKA memory) is stored in MongoDb. I personal haven’t had to reinstall Elasticsearch but to uninstall elasticsearch and starting fresh may have some problems with it. Using YUM or APT may not remove all the data/files associated with the OLD elasticsearch installation so be aware.
May I ask why you need to re-install Elasticsearch? and how bad is it?
We maybe be able to help you revive the old one.
EDIT: if you do we would need more information about you environment.
To me it sounds like your at the stage where it’s probably best to just start both nodes over from scratch. Is there an overly compelling reason you want to hold onto the configuration? Perhaps this is the chance to rebuild your instance with all the knowledge you wish you had when you did it the first time.
