Graylog 3.1.3, gl-events index missing a shard... what to do?

Hi there,

I have a Graylog 3.1.3 system. In adding an elasticsearch node to the elasticsearch cluster, I accidentally started elasticsearch with a later version of elasticsearch than is in the existing cluster. One of the 5 shards of the ‘gl-events’ index was migrated to that node. I realised my error and reinstalled the correct, earlier version of elasticsearch on the new node. Now the elasticsearch cluster is red because it is missing one of the shards of the ‘gl-events’ index.

I’ve restarted the Graylog master node in an attempt to fix the situation, but it persists.

How to fix it? Can I delete the index, and assume it will be automatically recreated? Can I add replica shards to the index to avoid this issue happening in future?

Thanks!

you will loose the events - when you have some. But you can rotate the index and after that delete the old one - for example.

That can be done on the Graylog UI System > indices > Events (click on the name) > Maintenance (rotate active write index) and after that delete the old one.

Thanks Jan, all good now

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.