Graylog2-server: Graylog can't search for messages

Created on 8 Oct 2016  路  3Comments  路  Source: Graylog2/graylog2-server

Searches for messages in the last 5 minutes return nothing, while the "in/out msgs" at the top right shows messages are indeed coming in.

Expected Behavior

Should be able to view messages in the last 5 minutes.

Current Behavior

Search in the last 5 minutes return nothing.

Possible Solution

Updating?

Steps to Reproduce (for bugs)

I don't have definite steps to produce the issue but ill provide the issues and my actions that lead to the issue.
1) Graylog tried to rotate the index, to which it failed after elasticsearch status changed to red.
2) I then deleted an unassigned index in elasticsearch, restarted elasticsearch,mongodb, graylog in that order.
3) Restarted the Graylog server again after seeing the log Failed to index [29] messages. Please check the index error log in your web interface for the reason. Error: failure in bulk execution and multiple logs like [13]: index [graylog2_1], type [message], id [b00a3532-8d83-11e6-b532-005056984104], message [ClusterBlockException[blocked by: [FORBIDDEN/8/index write (api)];]]
4) Confirmed that logs are reaching the server, did a search, got nothing.

Your Environment

  • Graylog Version: 2.0.3 (f07c170), codename Rothaus
  • Elasticsearch Version: 2.3.5
  • MongoDB Version: 3.2.3
  • Operating System: RHEL 7.2
  • Browser version: Mozilla Firefox 47.0.1
picture ajpen

Most helpful comment

Workaround: In the webinterface:

System -> Indices -> Default index set -> Maintenance -> Rotate active write index

Should I open a new issue for this?

picture ge-fa on 6 Oct 2017
🎉3 👍1

All 3 comments

We are using GitHub issues for tracking bugs in Graylog itself, but this doesn't look like one. Please post this issue to our public mailing list or join the #graylog channel on freenode IRC.

Thank you!

jalogisch picture jalogisch on 10 Oct 2016

@jalogisch I'm running into this as well, after changing rotation strategy and related settings. I think this (the problem I'm describing; not the same as described above, but seems related) is indeed a bug, and here is the right place to discuss, debug and fix it.

Currently, I'm using 2.3.1.

ge-fa picture ge-fa on 6 Oct 2017

Workaround: In the webinterface:

System -> Indices -> Default index set -> Maintenance -> Rotate active write index

Should I open a new issue for this?

ge-fa picture ge-fa on 6 Oct 2017
🎉3 👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

1tft picture 1tft  路  3Comments
naisanza picture naisanza  路  4Comments
eroji picture eroji  路  4Comments
jalogisch picture jalogisch  路  3Comments
jalogisch picture jalogisch  路  3Comments