Messages are in indices but not able to show up on search query

Hey Everyone,

I hope you all are doing great, and I really appreciate all your support.

My use case is that I have two Graylog servers: the old one is running Graylog 3.0.2+1686930 with Elasticsearch version 6.4, and the new one is running the latest version, Graylog 3.1.2+9e96b08, with Elasticsearch version 6.8.

So basically we want to kill the older one, but before that we need to move some index to the new one.

So what my ticket says is that we need to move a specific index, which consists of some important documents, to the new Graylog.

P.S. I already moved the indices to the new Elasticsearch using elasticsearch-dump, and I also recalculated the indices in the new Graylog, and it matched the document size exactly as in the old one.

Also, all the new data is coming into the new Graylog.

Issue:
When I try to query for older messages which are there in the indices, they don't show up in the search query; it says no data.

I restarted Graylog; nothing worked.

Any suggestion/guidance would be really appreciated.

Thanks

The problem is that your new Graylog is missing meta information in the old data.

That would have worked if the new cluster had used a copy of the configuration database of the old system as a starting point. But as this is a totally fresh installation, the meta information differs, so the data is not readable.


Thanks, @jan, I really appreciate your prompt reply.

Yes, that could be the reason, but is there any mechanism or anything through which we can import that metadata to the new one, as I am using MongoDB in both Graylog servers?

We do not provide that option.

as this is something we want encourage users to do. It is a very hacky solution that might or might not work.
