I am running Graylog 4 natively on Ubuntu 20.04. How do you purge the entire configuration? I know I can kill the data by clearing out the ES Indices BUT, how do you completely clean the Graylog configuration to start fresh?
I’ve seen reference to a control script that only existed as part of the appliance, and apparently its also been discontinued.
So. How does one completely purge the Graylog configuration to start fresh?
assuming a default install I think the cleanest way would be to remove everything and start over.
stop everything and then apt-get remove
apt-get remove graylog-server
apt-get remove mongodb-org
apt-get remove elasticsearch
then you can install the latest supported versions of each and start over.
If you just want to purge the configuration, I would stop graylog, remove graylog, delete the graylog db from within mongodb. delete the data from ES. then reinstall graylog and start fresh.
optionally, you could upgrade all the components to the latest supported versions.
good luck
Thanks for the info. That was my hunch, but I wanted to make sure. Upgrading from 3 to 4 and ELK from 6.8 to 7.10 is what caused this whole mess…
I literally only use Graylog and ELK for syslog centralization and easy searching, and the upgrade completely screwed up everything. I think at this point you’re right… I’m going to remove everything and start over.
I didn’t think that a simple remove would purge the data though… I was pretty sure that simply removing mongodb will leave the database behind. I am nervous, but maybe a purge is the right thing to do…
default location for the dbs are /var/lib/mongodb
so
sudo rm -r /var/lib/mongodb
should delete them.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
