Unable to change default index in Graylog2

Graylog Central (peer support)
1

I’m trying to set the elasticsearch index name in graylog configuration file. But its not reflected after the initialisation. Still its creating index as “graylog_0” in elasticsearch.

Should I need to make changes in somewhere else ?.

config entry:

elasticsearch_index_prefix = syslog
elasticsearch_template_name = syslog-internal
elasticsearch_cluster_name = syslog

Elasticsearch output:

[root@syslog-10 ~]# curl http://localhost:9200/_cat/indices?pretty
green open graylog_0 4 0 0 0 520b 520b
[root@syslog-10 ~]#

Please help. Thanks

2

Which version of Graylog are you using?

3

I’m using graylog-server-2.2.3-1.noarch

Done the installation based on this doc : http://docs.graylog.org/en/2.2/pages/installation/os/centos.html

4

The index-specific settings like template name and index prefix have been moved into the database as part of the Index Set configuration.

5

Thanks, Now I can create my own index in elsaticsearch.

But unable to delete the default index as “streams was assigned to default index” . I tried to change the default streams to newly created one. But couldn’t find an option to changes the default streams.

I could change the default index set to newly created.

6

I can create custom index now . but Logs are still going to default index [ graylog_0] not to my custom index.

Should I need to make any changes in the settings to send all message to custom index ?

Please help. Thanks.

7

You have to assign your custom index set to the “All messages” stream.

An index set can only be deleted if there are no streams using it.

8

If you don’t mind, could you please share some screenshot where I can assign the custom index to “all Messages” streams.

I tried , I can change only the default index. but couldn’t find an option to assign “All messages” stream to custom index

9

You’re right. It’s currently not possible to change the index set used by the “All messages” stream. :thinking: