Thats what I ended up doing. I stopped Graylog and Elasticsearch before making my changes to the log path. I wonder 1. Why the logs were so big and 2. Why I had to delete the journal. Next time I won't wait so long, this time I lost 500k messages by the time I deleted the journal.
On Monday, September 5, 2016 at 4:55:10 AM UTC-6, Phil Sumner wrote: > > You may need to delete the journal too, just be aware that you'll lose any > messages in there. > > On Friday, 2 September 2016 18:04:28 UTC+1, [email protected] wrote: >> >> Here is my elasticsearch log starting from when I restarted the >> elasticsearch service. http://pastebin.com/4WR3Nn5K >> >> On Friday, September 2, 2016 at 10:57:37 AM UTC-6, [email protected] >> wrote: >>> >>> I had changed the path for elasticsearch data to a second HDD, but not >>> the logs. Today my root HDD reached 99% as a result. I stopped Graylog, >>> deleted the elasticsearch logs at /var/log/elasticsearch, and edited the >>> elasticsearch.yml to point to the second HDD. I rebooted my machine and my >>> HDD's now have ample space again. However, Graylog isn't processing any >>> incoming messages. I have ~400k messages showing unprocessed. On the >>> overview page everything is green. I've restarted, Graylog, Elasticsearch, >>> and the server. No change. Any ideas on what I can do? >>> >>> The journal contains 406,203 unprocessed messages in 5 segments. 0 >>> messages appended, 0 messages read in the last second. >>> >>> Thanks in advance for your help. >>> >> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/c3fa33bd-ff67-4ed8-89d5-0aa9c3bbf236%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
