Unable to get any data on streams

blason · February 11, 2019, 11:22am

Hi there,

I am facing an issue with Graylog indices, my server HD got full hence Graylog stopped and I could not access graylog console. Since I first had to free up the disk space I had delete few old indices from Curl command line that is

curl -XDELEET http://127.0.0.1/graylog_1 and so on

After this I see the graylog has started however messages were not dumping in any of the indices however I see on the top that messages are being accepted but not sure where are those being stored.

Any clue what could have gone wrong?

Totally_Not_A_Robot · February 11, 2019, 11:45am

I recall another recent discussion that mentioned ElasticSearch having lots of trouble after its storage space had filled up. Could be that your Elastic instance has gone tits-up.

blason · February 12, 2019, 2:03am

Well I tried that but nothing worked. I guess reinstalling ES should do the trick? or any other measure you can recommend?

jan · February 12, 2019, 8:49am

what is in your Graylog server.log ? If the disk where the Graylog journal is located was full before the journal actually has grown to its max size, the journal is corrupt and you need to delete the message journal.

Totally_Not_A_Robot · February 12, 2019, 7:26pm

Reinstalling / wiping ElasticSearch is also a bit dramatic Is this your DEV/TEST environment? Or worse, production data?

blason · February 22, 2019, 4:43am

@Totally_Not_A_Robot That was prod data

@jan - How do I delete the journal data then? to make it work? and my version was 2.4.

Please suggest

Totally_Not_A_Robot · February 22, 2019, 7:22am

The question is: WAS it the Graylog journal disk that filled up? Or was it the ElasticSearch disk? The solution differs wildly.

blason · February 22, 2019, 5:58pm

Ooops. My bad, didnt read the question correctly.

Yes it was elasticsearch which filled up my disk not journal.

laakkus · February 22, 2019, 10:26pm

Did you try to manually rotate write indexes?
(Indices - click on name - maintenance)

jan · February 23, 2019, 2:06pm

How do I delete the journal data then? to make it work? and my version was 2.4.

stop graylog delete all content from the folder that is configured as your journal, start Graylog

Totally_Not_A_Robot · February 25, 2019, 9:24am

In that case @jan’s suggestion doesn’t apply. But then I’m also not sure on how to proceed, because as I’ve mentioned: I’ve read threads where ElasticSearch itself gets broken from running out of disk space. I reckon you’d do well to also investigate through ElasticSearch documentation and forums.

system · March 11, 2019, 9:25am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog not processing messages after crash (ran out of space) Graylog Central (peer support)	5	3539	April 20, 2020
Graylog not indexing Graylog Central (peer support)	9	5413	January 25, 2019
Input not receiving any new messages Graylog Central (peer support)	26	7954	December 15, 2020
Journal Filling but Graylog not Processing Graylog Central (peer support)	8	4325	July 14, 2020
Nothing found in stream Graylog Central (peer support)	5	2103	September 10, 2019

Unable to get any data on streams

Related Topics