Hi, my data disk was corrupt, and I need to restore index with elasticsearch.
Data are restored, and I see them on graylog, but I can’t see newer logs. Nothing is written.
No error on logs.
I tryed recalculate index range but still nothing.
Im on graylog 2.3 with ES 2.3
What was the reason for the corruption?
What did you do to restore data and which data specifically?
What’s in the logs of your Graylog and Elasticsearch nodes?
Corruption was from the disk (ext2…)
i move my datas on xfs volume with same mount point.
my restore script is:
curl -s -XPOST “http://localhost:9200/_snapshot/quotidien/quotidien/_restore” -d “{“indices”: “graylog2_17”, “ignore_unavailable”: true, “include_global_state”: false}”
Graylog node have nothing special, and ES log have only restore logs GREEN to RED, and RED to GREEN
Was the Graylog journal directory on the same disk?
How do you know?
What’s the status of the Graylog Deflector index alias in Elasticsearch?
What do you means about graylog journal directory ? log ?
the deflector indexes are online, I just create a new ont to be sure, and 0 message.
What did you do exactly?
How exactly did you check the status of the deflector alias? And is it an index or an index alias?
message_journal is on other dir: /var/lib/graylog-server/journal
for deflector, i checked on head. graylog2_deflector is an alias of graylog2_18
Try removing all files in /var/lib/graylog-server/journal/ while Graylog is stopped and start it afterwards.
Disclaimer: This will delete all log messages which are in the journal and haven’t been written to Elasticsearch yet.
Wonderful, it work !
Thanks for quick answer !
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
