OK, I think I’m doing too much overtime and not remembering things that happened. I deleted those indices in a previous upgrade (I think from 2.2 to 2.3) via Graylog. Looks like it didn’t remove everything, and when I copied the data folders from the testing VM to the production VM, those old indices came along too.
Sorry, please close this =)
So, as I’ve been documenting here, I tested the OVA and now we’re moving on to deploying it in production.
We just finished creating CentOS VMs and installing Elasticsearch on them (5 VMs with 500 GB HD and 8 GB RAM each) - and we decided to try to move the indices from the testing VM.
I was using 3 indices there: graylog, sysmon and symantec. Graylog indices are all green, but sysmon and symantec are red, and I have no idea how to solve it. I’ve been reading the ES docs but I’m at a loss.
```
[root@bsa-log-pvx05 ~]# curl '10.0.2.134:9200/_cat/indices?v'
health status index       pri rep docs.count docs.deleted store.size pri.store.size
red    open   symantec__1   4   0
red    open   symantec__0   4   0
green  open   graylog_1     4   1   17979622            0     23.5gb         11.7gb
red    open   sysmon__0     4   0
green  open   graylog_0     4   1   19086275            0     21.8gb         10.9gb
green  open   graylog_5     4   1       1376            0      2.8mb          1.4mb
green  open   graylog_4     4   1    8563362            0     11.8gb          5.9gb
green  open   graylog_3     4   1   16227972            0     21.8gb         10.9gb
green  open   graylog_2     4   1    6873772            0      8.6gb          4.3gb
```