Hi,
The config looks OK.
I see the following indexes, and it looks like old data (before April 14th)
is not part of the index.
Why didn't Graylog take / index the old data?
How can I enforce it?
{
  "total" : 6,
  "ranges" : [ {
    "index_name" : "graylog_5",
    "begin" : "1970-01-01T00:00:00.000Z",
    "end" : "1970-01-01T00:00:00.000Z",
    "calculated_at" : "2016-04-18T11:09:10.089Z",
    "took_ms" : 267
  }, {
    "index_name" : "graylog_0",
    "begin" : "2016-04-14T19:46:32.000Z",
    "end" : "2016-04-15T17:09:09.833Z",
    "calculated_at" : "2016-04-15T20:20:56.963Z",
    "took_ms" : 556
  }, {
    "index_name" : "graylog_1",
    "begin" : "2016-04-15T17:00:57.000Z",
    "end" : "2016-04-15T20:21:27.780Z",
    "calculated_at" : "2016-04-15T20:21:28.314Z",
    "took_ms" : 62
  }, {
    "index_name" : "graylog_2",
    "begin" : "2016-04-15T20:20:21.000Z",
    "end" : "2016-04-16T15:53:49.737Z",
    "calculated_at" : "2016-04-16T15:53:50.181Z",
    "took_ms" : 414
  }, {
    "index_name" : "graylog_3",
    "begin" : "2016-04-16T15:49:46.000Z",
    "end" : "2016-04-17T14:37:28.688Z",
    "calculated_at" : "2016-04-17T14:37:30.067Z",
    "took_ms" : 278
  }, {
    "index_name" : "graylog_4",
    "begin" : "2016-04-17T14:32:09.000Z",
    "end" : "2016-04-18T11:09:09.743Z",
    "calculated_at" : "2016-04-18T11:09:10.087Z",
    "took_ms" : 291
  } ]
}
On Monday, April 18, 2016 at 8:16:38 AM UTC-7, Jochen Schalanda wrote:
>
> Hi Idan,
>
> please make sure that the elasticsearch_index_prefix
> <https://github.com/Graylog2/graylog2-server/blob/1.3.4/misc/graylog2.conf#L139-L140>
>
> and the elasticsearch_cluster_name
> <https://github.com/Graylog2/graylog2-server/blob/1.3.4/misc/graylog2.conf#L154-L157>
>
> settings are correct and correspond with the actual cluster name of your
> Elasticsearch node(s).
>
> Additionally please check the logs of your Elasticsearch node(s) and the
> output of the following curl command (replace localhost with the host name
> or IP address of one of your Elasticsearch nodes):
>
> $ curl http://localhost:9200/_cat/indices?v
>
>
>
> Cheers,
> Jochen
>
> On Friday, 15 April 2016 22:43:46 UTC+2, Idan Lerer wrote:
>>
>> Hi Jochen,
>> Thanks for your quick reply.
>>
>> I ran the following:
>>
>> wget https://packages.graylog2.org/releases/graylog-omnibus/ubuntu/graylog_latest.deb
>> sudo graylog-ctl stop
>> sudo dpkg -G -i graylog_latest.deb
>> sudo graylog-ctl reconfigure
>>
>> I still see all the dashboards I configured, but I can see only the data
>> since the upgrade.
>>
>>
>> On Friday, April 15, 2016 at 10:27:55 AM UTC-7, Jochen Schalanda wrote:
>>>
>>> Hi Idan,
>>>
>>> how exactly did you upgrade Graylog? What's the configuration of your
>>> Graylog server and your Elasticsearch node(s)?
>>>
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Friday, 15 April 2016 18:52:08 UTC+2, Idan Lerer wrote:
>>>>
>>>> Hello,
>>>> I just upgraded from Graylog v1.3.4 from 1.1.3.
>>>> All my settings were saved and I can see all my collections / dashboards etc.
>>>> But I can't see all the data collected by Graylog before the
>>>> upgrade.
>>>> When I try to search old data from before the upgrade I'm not getting any
>>>> results.
>>>> On the disk, I do see that the Graylog disk
>>>> /dev/mapper/graylog--indices-graylog--indices has the same used space as
>>>> it had before the upgrade.
>>>> Where is all my old data? What am I missing?
>>>>
>>>
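
Added example (not part of the thread and not Graylog project code): a Python sketch that cross-checks the two outputs discussed above, the index ranges JSON and the `_cat/indices?v` listing, and reports indices outside the configured prefix, indices with no range entry, and ranges still set to the Unix epoch. The `_cat` sample, the index names `graylog2_0` and `graylog_6`, and the prefix value `graylog` are constructed assumptions.

```python
import json
from datetime import datetime, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample: two entries copied from the index ranges posted in the thread.
RANGES_JSON = """{"ranges": [
 {"index_name": "graylog_5", "begin": "1970-01-01T00:00:00.000Z", "end": "1970-01-01T00:00:00.000Z"},
 {"index_name": "graylog_0", "begin": "2016-04-14T19:46:32.000Z", "end": "2016-04-15T17:09:09.833Z"}]}"""

# Constructed sample of `_cat/indices?v` output; graylog2_0 and graylog_6 are hypothetical.
CAT_INDICES = """health status index      pri rep docs.count docs.deleted store.size pri.store.size
green  open   graylog2_0   4   0    1200000            0      1.1gb          1.1gb
green  open   graylog_0    4   0     500000            0    400.2mb        400.2mb
green  open   graylog_5    4   0      20000            0     20.5mb         20.5mb
green  open   graylog_6    4   0      10000            0     10.5mb         10.5mb
"""

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def cat_index_names(text):
    # Locate the "index" column from the header row instead of assuming its position.
    rows = [line.split() for line in text.splitlines() if line.strip()]
    col = rows[0].index("index")
    return [row[col] for row in rows[1:]]

def audit(ranges_json, cat_text, prefix="graylog"):  # prefix: assumed elasticsearch_index_prefix
    ranges = {r["index_name"]: r for r in json.loads(ranges_json)["ranges"]}
    report = {"other_prefix": [], "no_range": [], "epoch_range": [], "earliest": None}
    for name in cat_index_names(cat_text):
        stem, _, num = name.rpartition("_")
        if stem != prefix or not num.isdigit():
            report["other_prefix"].append(name)   # on disk, but not under the configured prefix
        elif name not in ranges:
            report["no_range"].append(name)       # matches the prefix, but has no range entry
    begins = []
    for name, r in ranges.items():
        if parse_ts(r["begin"]) == EPOCH and parse_ts(r["end"]) == EPOCH:
            report["epoch_range"].append(name)    # range not yet calculated (as graylog_5 above)
        else:
            begins.append(parse_ts(r["begin"]))
    report["earliest"] = min(begins) if begins else None  # oldest timestamp any range covers
    return report

if __name__ == "__main__":
    for key, value in audit(RANGES_JSON, CAT_INDICES).items():
        print(f"{key}: {value}")
```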