We have many different graylog instances (v2.5.1) in our infrastructure, all pointing to a shared ElasticSearch cluster (each graylog has it’s own index).
By mistake we’ve deployed a new instance of graylog pointing to an existing index. So now have 2 graylog masters managing the same index. Yes this is bad.
What is the safest way to remove the index from the new graylog instance, but not delete the index.
Does this API provide this ability?
DELETE /system/indices/index_sets/{id}
if I pass ‘false’ for the delete_indices parameter?
Maybe I can help
Not quit sure whats going on. Could you explain in greater detail about your evironment.
I think you have a few Graylog servers pointing to one elasticsearch cluster. Knowning how you set that up would help greatly.
Thanks for replying, but we went with the brute force approach, and simply destroyed the graylog instance that was pointing to the wrong index - and recreated it.
But I would still be interested in understanding if we could of used the API I mentioned above.
Like I said we have many instances of graylog (each with their own master, and 2 slaves) - each graylog instance points to it’s own elastic search index for it’s default index. For example.
graylog-a uses an ‘a-logs’ index and
graylog-b uses a ‘b-logs’ index.
Like I said, we mistakenly deployed another graylog - i’ll call graylog-c, but it was configured with a default index of ‘b-logs’.
So the b-logs index was being rotated / managed by 2 graylog masters - and this caused issues with that index not being searchable - index ranges getting out of sync. I understand this is not supported - so was looking for ways to fix - correct the mistake - without risk of delete the b-logs index in elastic search.
So the question was could I use the graylog rest api of graylog-c and call
DELETE /system/indices/index_sets/{id-of-index-b}
if I pass ‘false’ for the delete_indices parameter?
