graylog es 故障问题相关问题解决
以下是整理关于因为es故障造成graylog 异常的一些解决方法
问题
- 现象
Deflector exists as an index and is not an alias - 解决
官方的步骤
- Stop all Graylog nodes
- (OPTIONAL) If you want to keep the already ingested messages, reindex them into the Elasticsearch index with the greatest number, e. g. graylog_23 if you want to fix the deflector graylog_deflector, via the Elasticsearch Reindex API.
- Delete the graylog_deflector index via the Elasticsearch Delete Index API.
- Add action.auto_create_index: false to the configuration files of all Elasticsearch nodes in your cluster and restart these Elasticsearch nodes, see Elasticsearch Index API - Automatic Index Creation and Creating an Index for details.
- Start the Graylog master node.
- Manually rotate the active write index of the index set on the System / Indices / Index Set page in the Maintenance dropdown menu.
- (OPTIONAL) Start all remaining Graylog slave nodes.
实际上我们可以不按照官方的做法,以下是一些实践(前提是现有的数据不是很重要,可以删除的)
- 可以不用停止graylog server
- 修改es 配置,添加action.auto_create_index: false注意需要重启es集群,理论上单台重启不会有影响的(和部署模型也有关系)
- 删除*_deflector 索引(可以通过api以及ui)
- 手工 rotate active write