Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!
1. Describe your incident:
I recently changed our AWS OpenSearch to use or2 instance type. These require a minimum 10s refresh interval on indexes. I have updated all the “Field Type Refresh Interval” settings to respect this. However, the “Graylog System Events“ index is not respecting it’s setting of “60s”
2. Describe your environment:
-
OS Information: Rocky 9/Docker
-
Package Version: Graylog 6.3.2+667aca0
-
Service logs, configurations, and environment variables:
Suppressed: org.graylog.shaded.opensearch2.org.opensearch.client.ResponseException: method [PUT], host [https://*****.es.amazonaws.com], URI [/_template/gl-system-events-template?master_timeout=30s], status line [HTTP/1.1 400 Bad Request]
{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"invalid index.refresh_interval [1s]: cannot be smaller than cluster.minimum.index.refresh_interval [10s]"}],"type":"illegal_argument_exception","reason":"invalid index.refresh_interval [1s]: cannot be smaller than cluster.minimum.index.refresh_interval [10s]"},"status":400}
3. What steps have you already taken to try and solve the problem?
- Manually updated the existing indices and template in OS. Graylog always just writes all the settings to the template anyway
- Had a quick look through the graylog code to see if this is hard-coded somewhere. Didn’t find anything.
- I have several other indexes which are rotating correctly and using the respective refresh interval in its settings.
4. How can the community help?
Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]