I just updated my Graylog installation (via Docker):
Graylog from 4.0 to 4.05
Elasticsearch from 6.8 to 7.10.1
After the update I rotated the active write index and recalculated the index ranges (System → Indices ->Maintenance).
After that I am having problems with my closed indices (default index set):
Time range of index is unknown, because index range is not available. Please recalculate index ranges manually
When I’m reopen the index and “recalculate index range” everything seems normal (time range and messages are being displayed). But after closing this index the “error” message pops up again.
I can’t search messages older than a few days like I could before the update.
Does anyone have an idea on how to solve this without deleting the old indices?
thanks for the post, I haven’t seen that before. Just days before I changed the shards from 1 to 4. The cluster was still green, there are about 120 active shards with 162 indices in my cluster. I didn’t found any suspicious entries in the logs.
Now all closed indices (even the indices that were closed after the update) are having the message “Time range of index is unknown, because index range is not available. Please recalculate index ranges manually”.
I think I will delete the old indices. I also changed my rotation strategy from Index Message Count to index time and the retention strategy from closing the index to deleting old indices.
