Graylog index range causes problem after every index rotation

Hello,

I am using Graylog version 3.0.2. Whenever the index is rotated, the index range goes missing (from 50 years to 50 years). I have to recalculate the index every time. Is there a solution to this in a later release, or do we have some cron expression?

Can someone please help me with this?

You should check your Graylog server.log and the Elasticsearch log for errors - that is not normal behaviour.

What Elasticsearch version did you use?

Hello,

Thanks for the reply. I am using Elasticsearch 5.4 for this. I see a lot of index failures.
I see these in the logs.

2019-11-11 11:01:57,805 ERROR [Messages] - Failed to index [2] messages. Please check the index error log in your web interface for the reason. Error: One or more of the items in the Bulk request failed, check BulkResult.getItems() for more information. - {}

a few seconds ago graylog_1346 ef666731-0472-11ea-955f-3a954dd20aa6 {"type":"mapper_parsing_exception","reason":"failed to parse [status]","caused_by":{"type":"number_format_exception","reason":"For input string: \"INFO\""}}

What does this mean?

Is it due to this parse error? If these happen to be the last or first message, the index range won't be calculated and we get this error?

We fixed the mapper_parsing_exception by adding a custom index mapping, but still, when we rotate the index, the previous index range goes to "Contains messages from 50 years ago up to 50 years ago".
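
Added example, not part of the original thread and not Graylog's own code: a small Python triage script that groups index-failure rows like the one quoted above by field, so every field that needs an explicit custom mapping shows up once with the values Elasticsearch rejected. The row layout is assumed to match what the thread shows; `parse_failure` and `summarize` are hypothetical helper names, and all sample rows except the first are constructed.

```python
import json
import re
from collections import defaultdict

# Rows in the layout shown in the thread: "<age> <index> <message id> <JSON error>".
# Row 1 is the failure quoted in the thread; rows 2-4 are constructed for this example.
SAMPLE_FAILURES = [
    'a few seconds ago graylog_1346 ef666731-0472-11ea-955f-3a954dd20aa6 '
    '{"type":"mapper_parsing_exception","reason":"failed to parse [status]",'
    '"caused_by":{"type":"number_format_exception","reason":"For input string: \\"INFO\\""}}',
    'a minute ago graylog_1346 00000000-0000-0000-0000-000000000001 '
    '{"type":"mapper_parsing_exception","reason":"failed to parse [status]",'
    '"caused_by":{"type":"number_format_exception","reason":"For input string: \\"WARN\\""}}',
    'a minute ago graylog_1347 00000000-0000-0000-0000-000000000002 '
    '{"type":"mapper_parsing_exception","reason":"failed to parse [http_code]",'
    '"caused_by":{"type":"number_format_exception","reason":"For input string: \\"n/a\\""}}',
    'an hour ago graylog_1347 00000000-0000-0000-0000-000000000003 {"type":"mapper_pars',
]
FIELD_RE = re.compile(r"failed to parse \[([^\]]+)\]")
VALUE_RE = re.compile(r'For input string: "(.*)"$')

def parse_failure(row):
    """Return (index, field, cause_type, rejected_value); None if truncated or another error type."""
    start = row.find("{")
    prefix = row[:start].split()
    if start == -1 or len(prefix) < 2:
        return None
    try:
        err = json.loads(row[start:])
    except json.JSONDecodeError:
        return None
    field = FIELD_RE.search(err.get("reason", ""))
    if err.get("type") != "mapper_parsing_exception" or not field:
        return None
    cause = err.get("caused_by") or {}
    value = VALUE_RE.search(cause.get("reason", ""))
    return prefix[-2], field.group(1), cause.get("type"), value.group(1) if value else None

def summarize(rows):
    """Group rejected values by field: each key is a field needing an explicit mapping."""
    out = defaultdict(lambda: {"count": 0, "values": set(), "indices": set()})
    for index, field, _cause, value in filter(None, map(parse_failure, rows)):
        out[field]["count"] += 1
        out[field]["values"].add(value)
        out[field]["indices"].add(index)
    return dict(out)

if __name__ == "__main__":
    print(summarize(SAMPLE_FAILURES))
```
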

You should really update at least to the latest Elasticsearch version of 5.x - we have tested with 5.6 and that is working. We never did a complete test with older versions.

So I guess your problem will be fixed after the elasticsearch upgrade.

Sure, thanks. We did not have this problem when we were using Graylog 2.5. We got this after upgrading to Graylog 3.0. Will try it. Thanks a ton for the help!!!
