I’ve faced a strange problem and have no idea how to fix it without recreating the whole Graylog installation from scratch.
The problem is that after some JSON with a large number of fields was added to the logs, the number of fields on the left toolbar became enormous (>12000) and an API request to ‘/api/views/fields’ usually takes > 20 seconds, which makes the overall experience of using Graylog pretty awful.
And it’s interesting that this behaviour occurs only for requests with streams selected. Without them (i.e. search everywhere) there are no performance issues.
I deleted those big JSON messages from all the indexes I found, using the script from “Deleting logs from graylog/elasticsearch (a howto)”, but these fields are still available and Graylog is freezing for dozens of seconds on each select.
Is it possible to rebuild this index now? As I understand, it’s somewhere in Mongo.
I found only one similar issue on GitHub, but it seems that it’s already fixed and unrelated.
- Graylog 3.3.8+e223f85
- ElasticSearch 6.8.10
- Ubuntu 18.04.4 LTS
- Java 1.8.0_265