We had a disk-space problem, so the Graylog were unable to work (unreachable), after cleaning up the space and restarting the service, the search was too slow then we apply (Rotate Active write Index), the search became faster but a new index created and the previous one had a problem that 1 shard unassigned.
you lost data in the previous index.
no the index says that it has a 22 million messages , so its there but i don’t know how to confirm that this data is searchable, but i want to resolve the elasticsearch cluster, to make it green.
if you split your data in 4 pieces, and you have lost one piece. How did you think that you do not lose any message?
Graylog caches the information about what is present in the index - if you recalculate the index size you will see adjusted data in this.
BUT without knowledge about your elasticsearch environment can only give you this blog posting at hand to solve your issue: https://www.datadoghq.com/blog/elasticsearch-unassigned-shards/
1 Like
thanks for your help,
I’ve performed this query on kibana
GET graylog_25/_search_shards
, and in the result the last shard was an empty array,what dose this mean?
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.