Large number of deleted messages

Graylog Central (peer support)
1

1. Describe your incident:
Large number of deleted messages in the index stats page.

Screenshot 2022-09-02 095552
Screenshot 2022-09-02 095552822×71 17.7 KB

2. Describe your environment:

  • OS Information:
    Ubuntu 20.04
  • Package Version:
    Graylog 4.3.5
  • Service logs, configurations, and environment variables:
    Clean installation of Ubuntu and Graylog, no other packages installed, logs coming from a Windows machine with Graylog Sidecar and Filebeat… all default settings.

3. What steps have you already taken to try and solve the problem?
I have looked around and there are a couple of posts about this, they say some other process might be deleting from Elasticsearch directly, as this is a clean installation that is unlikely.

4. How can the community help?
On my other Graylog instances I’m not having this issue, and I’m not sure how to verify if there are indeed logs being deleted or not.
If you can provide any guidance on how to investigate this… Thank you.

2

Hello,

What do you see in the logs files Graylog/Elasticsearch?

1 Like
3

The weird thing is the deleted messages thing only shows up on a test machine, but today I deployed the exact same system on a production machine and there were no deleted messages whatsoever… I will investigate the matter when I get time, thank you very much…

1 Like
4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.