It just happened again and this time elasticsearch is hosed. The "out of memory" error was system-wide - dmesg confirmed it. So the system ran out of memory, elasticsearch crashed, and now graylog-server cannot talk to it any more.
When graylog-server attempts to connect to elasticsearch, it now reports [2015-07-31 22:50:25,943][WARN ][indices.cluster ] [Kate Neville] [graylog2_1][0] failed to mark shard as failed (because of [failed recovery]) I have no idea how to fix it (I never used graylog or elasticsearch until last week). Is there some form of recovery process I can run to get this working again? Either fix it or throw the broken bit away and start working again are outcomes I'd be happy with. At the moment the entire system is completely broken :-( Thanks -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/898f1c2d-2adc-41dc-82f5-f1d2743f7409%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
