Hi, Graylog's index retention will only delete indices if retention_strategy is set to delete (see https://github.com/Graylog2/graylog2-server/blob/1.3.3/misc/graylog2.conf#L129-L133). The index retention job runs every 5 minutes and removes (or closes) old indices.
You can also safely delete indices in Elasticsearch using the Delete Index API ( https://www.elastic.co/guide/en/elasticsearch/reference/1.7/indices-delete-index.html) to free more disk space. Cheers, Jochen On Wednesday, 10 February 2016 17:11:25 UTC+1, jeremys wrote: > > Thanks.. > > I set my indicies from 150 back to 50 but it is not deleting old indicies? > Currently, I have 128 indicies. I am assuming that it is not a good idea > to delete those manually? > > Here is the output. > > [2016-02-09 00:00:36,926][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:01:06,959][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:01:36,924][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:01:36,926][INFO ][cluster.routing.allocation.decider] > [Siryn] high disk watermark exceeded on one or more nodes, rerouting shards > [2016-02-09 00:02:06,937][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:02:36,924][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:03:06,927][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:03:06,928][INFO ][cluster.routing.allocation.decider] > [Siryn] high disk watermark exceeded on one or more nodes, rerouting shards > [2016-02-09 00:03:36,936][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:04:06,953][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:04:06,954][INFO ][cluster.routing.allocation.decider] > [Siryn] high disk watermark exceeded on one or more nodes, rerouting shards > [2016-02-09 00:04:36,933][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:05:06,953][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:05:06,954][INFO ][cluster.routing.allocation.decider] > [Siryn] high disk watermark exceeded on one or more nodes, rerouting shards > [2016-02-09 00:05:36,959][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:06:06,927][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:06:36,926][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:06:36,928][INFO ][cluster.routing.allocation.decider] > [Siryn] high disk watermark exceeded on one or more nodes, rerouting shards > [2016-02-09 00:07:06,932][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:07:36,926][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:08:06,925][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:08:06,927][INFO ][cluster.routing.allocation.decider] > [Siryn] high disk watermark exceeded on one or more nodes, rerouting shards > [2016-02-09 00:08:36,963][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:09:06,925][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > [2016-02-09 00:09:36,939][WARN ][cluster.routing.allocation.decider] > [Siryn] high disk watermark [90%] exceeded on > [9K50-EAOTHiZYQN5ziTtlg][Siryn] free: 26.4gb[8.9%], shards will be > relocated away from this node > > > On Wednesday, February 10, 2016 at 9:59:42 AM UTC-6, Jochen Schalanda > wrote: >> >> Hi, >> >> if you're using one of the official virtual appliances, you can use sudo >> to run commands as super user (root) or simply run sudo -i to open a >> shell with root privileges. >> >> >> Cheers, >> Jochen >> >> On Wednesday, 10 February 2016 16:30:53 UTC+1, jeremys wrote: >>> >>> If I am looking in the correct place, I am getting permission denied >>> when trying to view the elasticsearch folder under /var/log/graylog >>> >>> On Wednesday, February 10, 2016 at 9:25:46 AM UTC-6, Jochen Schalanda >>> wrote: >>>> >>>> Hi, >>>> >>>> are there any error messages in the logs of your Elasticsearch nodes? >>>> >>>> >>>> Cheers, >>>> Jochen >>>> >>>> On Wednesday, 10 February 2016 15:54:34 UTC+1, jeremys wrote: >>>>> >>>>> Two days ago, I noticed that my Elasticsearch cluster was unavailable. >>>>> I've followed the suggestions provided in the setup documentation but I >>>>> still cannot get the cluster to turn green. >>>>> >>>>> Graylog could not successfully connect to the Elasticsearch cluster. >>>>> If you're using multicast, check that it is working in your network and >>>>> that Elasticsearch is accessible. Also check that the cluster name >>>>> setting >>>>> is correct. Read how to fix this in the Elasticsearch setup >>>>> documentation. >>>>> <http://docs.graylog.org/en/1.3/pages/configuring_es.html#configuration> >>>>> >>>>> No changes were made between the time it was working and when it >>>>> stopped working. Any help would be greatly appreciated. Thank you >>>>> >>>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/daec3376-c60a-4d62-9e0d-b00212c8e0a2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
