Snapshot and Restore index

Description of your problem

Good afternoon,

I’m having trouble understanding the backup and restore flow of Elasticsearch indexes and retrieving the snapshot messages directly in Graylog.

I’ve already created elastic retention policies that run every day, and I’m performing the restore tests but I can’t retrieve the messages in Graylog for display.

Operating system information

  • Ubuntu Server 20.04

Package versions

  • Graylog 4.1.5+01c9198, codename Noir
  • MongoDB 4.0.27
  • Elasticsearch 7.10.2

Hello && Welcome

Correct me if I’m wrong, you're trying to use Elasticsearch SnapShot & Restore?

If this is correct, take a look here at the ES SnapShot & Restore documentation.

I execute the Elasticsearch SnapShot & Restore and this post gave me clarity.

Hope that helps

Hello, I had already seen this other topic. My biggest doubt is how to make Graylog able to access the indexes retrieved through the snapshot. If I restore with the graylog_ prefix, Graylog understands that this is the default index. Sorry if you got confused, but I found no documentation on how to access indices restored by Elastic in Graylog.


I just posted on how Graylog can do this. Take a look at @aaronsachs' post again. He explains very clearly what you need to do and shows examples.

If this is incorrect, please show an example or the steps you're doing; that would be helpful.

EDIT: I’m sorry I missed this question.

Once you're done restoring indices, you can manually set the default index you want. This is shown here in the red box.

Hope that helps


Sorry, but the restore is not easy :neutral_face:

Below are the prints of the steps I executed.

In the end I create a stream to read the restore_graylog_* index messages.

However, the messages still do not appear.

Does this feature only work correctly in the Enterprise version?

index list


Looks like you have the index in elasticsearch but graylog is not picking it up.

Graylog enterprise version is free, but you need to stay below 5 GB a day.

Not sure it will help you restore your index.
There was a note in @aaronsachs' post that stated the following; did you try this?

“could see the index set, but it didn’t seem to indicate that there was anything there until I clicked on it:”

Have you tried to rotate/recalculate your index “Restore” manually?

I completely understand; it took me a while to understand how it works, and I was debugging for a couple of days. Once you start to understand, it is kind of easy. Just keep working the issue.
