Messages getting updated in graylog_deflector

Srumith · February 9, 2018, 11:27am

Hi Team

My messages are getting updated in graylog_deflector. I have created another index called graylog_0, but that is not getting updated. Please help.

Thanks
Srumith.

jochen · February 9, 2018, 12:29pm

graylog_deflector should be an index alias, not a real index.

If it is an index instead of an index alias (also check the logs of your Graylog nodes for that), perform the following steps to rectify the situation:

Stop all Graylog nodes
(OPTIONAL) If you want to keep the already ingested messages, reindex them into the graylog_0 index via the Elasticsearch Reindex API:
https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docs-reindex.html
Delete the graylog_deflector index:
https://www.elastic.co/guide/en/elasticsearch/reference/5.6/indices-delete-index.html
Add action.auto_create_index: false to all Elasticsearch configuration files in your cluster and restart all Elasticsearch nodes:
https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docs-index_.html#index-creation
https://www.elastic.co/guide/en/elasticsearch/guide/2.x/_creating_an_index.html
Start the master Graylog node

system · February 23, 2018, 12:29pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog - Uncommited messages deleted from journal & utilization is too high Graylog Central (peer support) sidecar	7	15207	November 29, 2017
Graylog_deflector exists as an indexer and is not an alias Graylog Central (peer support)	4	5124	November 12, 2018
Deflector exists as an index and is not an alias. Reopen Graylog Central (peer support)	5	3248	December 27, 2017
Don't receive log / graylog deflector Graylog Central (peer support)	2	525	May 14, 2019
Graylog not functioning Graylog Central (peer support)	12	1831	May 29, 2018

Messages getting updated in graylog_deflector

Related Topics