Recent upgrade: Default indices set incorrectly

Is there a way to switch the “All messages” default indices? The option to do so is greyed out.

I just did an upgrade from 3.1 to 4.1 (one version at a time and testing in between - 3.1->3.2->3.3 …). One of the options that was overlooked was explicitly setting the default prefix (elasticsearch_index_prefix). Now I have the stream “All messages” going to a new indices, “Default index set” (with the prefix ‘graylog’), with all other streams going to “Default index set” (with the prefix ‘graylog2’).

Are there other solutions to this? Move or merge the old indices into the new one?

Let me know if you have any questions.

Here is the solution I came to terms with:

1. Add “elasticsearch_index_prefix = <correct_prefix>” to graylog/server.conf
2. Restart graylog
3. Connect to MongoDB and switch the index_set_id for the correct one - it should be able to be determined by looking at other streams
4. Restart mongoDB

To make things a little easier I used the MongoDB extension for VSCode. Here is the json code:

{
  "_id": {
    "$oid": "000000000000000000000002"
  },
  "creator_user_id": "admin",
  "is_default_stream": false,
  "index_set_id": "<new_index_ID>",
  "matching_type": "AND",
  "remove_matches_from_default_stream": true,
  "description": "Stream containing all events created by Graylog",
  "created_at": {
    "$date": "2021-07-13T16:27:35.666Z"
  },
  "disabled": false,
  "title": "All events"
}

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.