Here's the issue: https://github.com/Graylog2/graylog2-server/issues/640 <https://github.com/Graylog2/graylog2-server/issues/640>More elaborate, and I had to correct some observations as I tested it a few more times.
Regards, J. On Thursday, July 31, 2014 11:58:20 AM UTC+9, J John wrote: > > Hello Edmundo, > > thanks for the prompt reply. Opening the closed indices in question in the > web interface is not possible either, so I will open an issue with the > information you requested, albeit that'll take some time. Here's the > general outline: > > If elasticsearch_max_number_of_indices in graylog2.conf is set to N, the > Indices page in the web interface will show N indices altogether, that > includes the write-active index. For all indices except the write-active > one, the only actions available are 'close' and 'delete'. In elasticsearch, > all indices listed by Graylog are marked open. None of the indices marked > close is being available for action via the web interface. > > I think you're correct with the assessment that Graylog doesn't know how > to properly un-manage its indices. > > Again, I'll follow up with a detailed issue soon and link it here. > > Thanks & best regards, > J. > > On Thursday, July 31, 2014 1:28:13 AM UTC+9, Edmundo Alvarez wrote: >> >> Hello, >> >> I think the problem is that Graylog2 can’t tell if you opened that old >> index manually or if it was already open. Could you please try to open the >> index by using the Graylog2 web interface? To do that, click on “System" -> >> "Indices" and open the closed index you want to use for searching. >> >> Please feel free to open an issue including logs from Graylog2 web >> interface, server, and Elasticsearch if that doesn’t work either, so we can >> investigate the issue further. >> >> Regards, >> >> Edmundo Alvarez >> Developer >> >> Tel.: +49 (0)40 609 452 077 >> Fax.: +49 (0)40 609 452 078 >> >> TORCH GmbH >> Steckelhörn 11 >> 20457 Hamburg >> Germany >> https://www.torch.sh/ >> >> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 >> Geschäftsführer: Lennart Koopmann (CEO) >> >> On 30 Jul 2014, at 09:28, J John <jens....@gmail.com> wrote: >> >> > Good day; >> > >> > the comments in the example graylog2 server configuration file >> currently read as follows: >> > >> > # Decide what happens with the oldest indices when the maximum number >> of indices is reached. >> > # The following strategies are availble: >> > # - delete # Deletes the index completely (Default) >> > # - close # Closes the index and hides it from the system. Can be >> re-opened later. >> > retention_strategy = close >> > >> > I am using the setting for retention_strategy as shown above. >> > >> > My question is about the comment 'can be re-opened later': after >> closing an old index, I now want to search through the messages in it with >> Graylog. When I tell elasticsearch to re-open the index I want to search, >> the index for a short interval becomes live in Graylog (the message count >> on the Streams page includes the message of the re-opened index) but gets >> closed by Graylog automatically a moment later, making it again unavailable >> for search. >> > >> > Is this intended behaviour, meaning that I am supposed to increase the >> maximum number of allowed indices to accommodate the re-opened indices, >> then reload the server config/restart the server and THEN be able to search >> through the old indices (meaning that I have to perform the steps in >> reverse to get them offline again)? Or is this unintended and should I open >> an issue about it, because this is obviously a rather tedious/inconvenient >> process that can be improved? I haven't seen any issues that address this >> problem in this form. >> > >> > Best regards, >> > J >> > >> > -- >> > You received this message because you are subscribed to the Google >> Groups "graylog2" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an email to graylog2+u...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. >> >> -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.