Thanks for replying, but we went with the brute force approach, and simply destroyed the graylog instance that was pointing to the wrong index - and recreated it.
But I would still be interested in understanding if we could of used the API I mentioned above.
Like I said we have many instances of graylog (each with their own master, and 2 slaves) - each graylog instance points to it’s own elastic search index for it’s default index. For example.
graylog-a uses an ‘a-logs’ index and
graylog-b uses a ‘b-logs’ index.
Like I said, we mistakenly deployed another graylog - i’ll call graylog-c, but it was configured with a default index of ‘b-logs’.
So the b-logs index was being rotated / managed by 2 graylog masters - and this caused issues with that index not being searchable - index ranges getting out of sync. I understand this is not supported - so was looking for ways to fix - correct the mistake - without risk of delete the b-logs index in elastic search.
So the question was could I use the graylog rest api of graylog-c and call
if I pass ‘false’ for the delete_indices parameter?
or is there another way i could of fixed this?