I have tried to migrate data to a fresh new Elasticsearch cluster/Graylog (from an all-in-one setup to a distributed setup). The versions are the same for Elasticsearch (6.8.10) and Graylog (3.3.1). I used the following steps:
- Created snapshot on the old Elasticsearch via API
- Restored snapshot on the new Elasticsearch via API (can see indices on ES)
- Created Index Set using indices prefix in new Graylog (can see indices count, size and also documents count)
- Recalculated index ranges on new Graylog for Index Set
After these steps, I still can’t view any data using search on the new Graylog. I am trying to search for “all in messages”. I can see fields inside the restored index on the new Graylog (fields filter) and can also view data by using the Elasticsearch API (/_search?q=) on the new Elasticsearch cluster.
Do you have any thoughts on what I’m missing or what I need to do to use Graylog search to access the restored data?