How to delete graylog_deflector?

Graylog Central (peer support)
1

I get the Error Message
"Deflector exists as an index and is not an alias. "
which results in an empty search.

I have seen Threads about this and the way to go is to stop GRAYLOG and delete the index “graylog_deflector”.
I am not sure on how to delete the index graylog_deflector once the GRAYLOG Services are stopped.

2

You can delete an index named “graylog_deflector” with the following command (replace 127.0.0.1 with the actual IP address or hostname of the Elasticsearch node):

curl -X DELETE 'http://127.0.0.1:9200/graylog_deflector'

See Delete Index | Elasticsearch Reference [5.6] | Elastic for details.

1 Like
3

I am confused, entering this command gives me the following Error:

"Failed to connect to IP-ADDRESS port 9200: Connection refused"
I put in the IP of the GRAYLOG Server (on which I access the web-interface).

On elastic.co I see a download option for Elasticsearch. I think I never downloaded / installed Elasticsearch regarding GRAYLOG.
If I don’t have to install Elasticsearch seperately how do I find out the IP-ADRESS?

4

How did you installed Graylog Justin?

If you use the OVA/Virtual Appliance that includes all needed software. You would need to push that command on the command line of that server as Elasticsearch is not listening on the public interface.

5

Hey Jan,
Yes I used the OVA/Virtuel Appliance.
I am on the COmmand Line Interface of the Machine trying to enter the line mentioned above. No luck so far.
Also tried curl -X DELETE 127.0.0.1:9200/graylog_deflector

6

The cURL command has to be run against the Elasticsearch HTTP API, not against the Graylog REST API.

You can get a list of processes listening to some (TCP) port with one of the following commands:

# lsof -i
# netstat -tplen

Elasticsearch is usually listening on port 9200/tcp.

And what was the result?

7

I got it working now and want to sum up the way to success for ppl like me who are new to GRAYLOG and usually don’t work with LINUX Systems:

  1. Stop all services but Elasticsearch (http://docs.graylog.org/en/2.3/pages/configuration/graylog_ctl.html#migrate-manually-from-1-x-to-2-x)

$ sudo -s

$ graylog-ctl stop graylog-web

$ graylog-ctl stop graylog-server

$ graylog-ctl stop mongodb

$ graylog-ctl stop nginx

$ graylog-ctl stop etcd

  1. If used OVA Image Eleasticsearchs default Port is 9200 to receive tasks. (Also see: http://docs.graylog.org/en/2.3/pages/configuration/graylog_ctl.html#migrate-manually-from-1-x-to-2-x)

Syntax: $ curl -X DELETE <appliance_IP>:9200/_template/graylog-internal

Example: $ curl -X DELETE ‘127.0.0.1:9200/graylog_deflector’

  1. Start all Services again (http://docs.graylog.org/en/2.3/pages/configuration/graylog_ctl.html?highlight=delete%20index#configuration-commands)

sudo graylog-ctl start

Thank you for all your help!

8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.