Sometimes Could not execute search after 14 days

Tafsir_Alam · December 6, 2018, 6:42am

Hi All, I am opening the same ticket again because I am not able to find the solution. Please help me with this.

I am able to search logs till 14 days in graylog but if I search for 30 days or 60 days it prompt could not execute search error. Please help me to solve this problem. Also sometimes working for 30 days or 60 days but not always. Not able to understand the exact reason why it’s happening. Also not getting any index specific error.

Details message only print: Unable to perform search query.

What to do in this case?

Thanks

jan · December 6, 2018, 7:55am

This is not a ticket system - it is a forum. That is why you post here and not opening a ticket.
Why you did not reference your already written posting when you mention it in the text?

I guess that you tamper the ES indices outside of Graylog direct with the Elasticsearch API, Curator or any other tool. In the end, the result is that Graylog is not away what is possible to search in what indices.

Should you modify any Index outside of Graylog, or have your above mentioned issues. Re-calculate the index range in System > indices > index name > maintanance

Tafsir_Alam · December 6, 2018, 8:10am

Yup it is a forum. By mistake written ticket.

Reference to already written post: Unable to perform search query after 14 days

Here is my Index Set settings

43%20PM

jan · December 6, 2018, 8:28am

Did you read my last posting till the end?

Should you modify any Index outside of Graylog, or have your above mentioned issues. Re-calculate the index range in System > indices > index name > maintanance

Totally_Not_A_Robot · December 6, 2018, 2:24pm

Four shards, zero replicas.

Silly question, but could it be you run an Elastic cluster and that one or more nodes are down?
Or could it be that someone has manually mucked around in Elastic or even worse: with its files on the file system?
What are your retention policies on the index?

jan · December 6, 2018, 2:26pm

What are your retention policies on the index?

You see in the image - 360 indices, every 6 hours rotation what makes 90 days.

system · December 20, 2018, 2:26pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to perform search query after 14 days Graylog Central (peer support)	10	1559	October 24, 2018
Could not execute search when using searches over 14 days Graylog Central (peer support)	6	1150	September 20, 2017
Could not execute search graylog Graylog Central (peer support)	2	4855	July 27, 2018
Still getting search failures under 2.3.1 Graylog Central (peer support)	4	751	September 14, 2017
Unable to execute search Exception: org.elasticsearch.action.search.SearchPhaseExecutionException Graylog Central (peer support)	11	872	February 26, 2019

Sometimes Could not execute search after 14 days

Related topics