Hello,
For several days I see my logs arrive on Graylog but they do not appear in the search menu
I have only one source that seems to work, the messages of my other servers arrive on Graylog but do not add in the elastisearch
My cluster is green
If I look graylog.log in /var/log/graylog/elasticsearch I have this error message
[2018-10-10T17:43:53,148][INFO ][o.e.c.m.MetaDataMappingService] [1ZvZhnI] [graylog_23/LoLBQPj2QwOWqoUXt7oJtw] update_mapping [message]
[2018-10-10T17:43:53,178][WARN ][o.e.g.DanglingIndicesState] [1ZvZhnI] [[graylog_0/cnL8m-dsRGWK2QXR25ql1w]] can not be imported as a dangling index, as index with same name already exists in cluster metadata
Hi,
I have one index set, I have configured for rotate period P1D and max indices:365.
I have 25 indices this morning.
This morning I do not have the problem anymore.
What could have happened? I monitor to see if in the coming days the problem reappears. thank you,
Just a wild guess - you had a previous installation before with elasticsearch and did not delete the data before you reuse the server for a new Graylog.
The guess is not completely crazy, it’s true that I had an earlier installation, before start a new graylog installation I have run graylog-ctl cleanse followed by graylog-ctl reconfigure.
I had no problem since this reset.
But last week I tried to configure pipelines, could the problem have a link? To be on yesterday I deleted my configuration of pipelines to resume the basics and redre appear my messages.
He @yoyohand
pipelines is only for messages processing and has nearly no connection to the indices. The only connection is because you can route messages with pipeline into different streams that can have different indices for saving the data.
