Well, some Google searching allowed me to find how to discover and then delete the broken shard blocking everything.

    curl localhost:9200/_cluster/health

showed my elasticsearch status was "red", indicating the problem.

    curl localhost:9200/_cat/shards

showed "graylog2_11" was broken, so I used the following to delete it:

    curl -XDELETE 'http://localhost:9200/graylog2_11'

Then I restarted elasticsearch and graylog-server and now it's working again, although the "health" curl command still shows it as "yellow" - so something's still amiss.

I'd certainly like to know how to have fixed that broken indice/shard (?? terminology) instead of just throwing away 3Gb of data :-/
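Added example, not part of the original post: a read-only triage of `_cat/shards` output that separates indices with an inactive primary shard (Elasticsearch reports these as "red") from indices where only replica copies are inactive ("yellow"), so the scope of data at risk is known before any index is deleted. The sample rows and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `curl -s localhost:9200/_cat/shards` output
# (columns: index shard prirep state docs store ip node); not from the post.
sample_shards() {
cat <<'EOF'
graylog2_10 0 p STARTED    812345 1.1gb 127.0.0.1 node-1
graylog2_10 0 r UNASSIGNED
graylog2_11 0 p UNASSIGNED
graylog2_11 0 r UNASSIGNED
graylog2_12 0 p STARTED    10234  14mb  127.0.0.1 node-1
EOF
}

# Read _cat/shards text on stdin; print one line per affected index:
#   "<index> red"    at least one primary shard is not active
#   "<index> yellow" primaries are active, only replica copies are not
# STARTED and RELOCATING shards count as active.
classify_indices() {
  awk '
    NF >= 4 && ($4 == "UNASSIGNED" || $4 == "INITIALIZING") {
      if ($3 == "p") bad_primary[$1] = 1
      else bad_replica[$1] = 1
    }
    END {
      for (i in bad_primary) print i, "red"
      for (i in bad_replica) if (!(i in bad_primary)) print i, "yellow"
    }
  ' | sort
}

# Overall status derived from the same input, mirroring _cluster/health.
cluster_status() {
  classify_indices | awk '
    $2 == "red"    { red = 1 }
    $2 == "yellow" { yellow = 1 }
    END { print (red ? "red" : (yellow ? "yellow" : "green")) }
  '
}

# Against a live node (read-only):
#   curl -s localhost:9200/_cat/shards | classify_indices
```

An index listed as "yellow" still has every primary shard available, so its data is searchable; only the redundant copies are missing.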
