Graylog restart always ends up with corrupted elasticsearch


(mik) #1

Hi,
if there is power shortage or anything bad happens to graylog box, there is 90% chance that you will spend hours figting corrupted elasticsearch shards.

I don’t care about previous data, I just need to be able to restore easily and put graylog back to work.

I suggest either offer option using something else (more simple!) than elasticsearch or implement some easy reset solution (for those who don’t matter data loss).


(Jan Doberstein) #2

Hej @mikgray

how did you install Graylog? What flavour of Graylog are you using? What Version of Graylog did you use?

If you are a little more verbose we might help you.

Jan


(mik) #3

Hi Jan,
it’s virtual appliance (OVA), version 2.2.2.


(Jan Doberstein) #4

Hej @mikgray

you should upgrade to at least version 2.3 ( http://docs.graylog.org/en/2.2/pages/configuration/graylog_ctl.html#upgrade-graylog ) and after that you have the command
sudo graylog-ctl cleanse available.

That does exactly what you want, it let you start from the scratch.


(mik) #5

That is cool indeed, saved me hours. Would be amazing, if it didn’t delete all configurations but just get resolved those elasticsearch shards issues.
Thank you, really appreciate that.


(Jan Doberstein) #6

@mikgray you ask for something to clean all mess and not something to resolve elasticsearch issues.


(system) #7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.