Well, some Google searching allowed me to find how to discover and then delete the broken shard blocking everything.

    curl localhost:9200/_cluster/health

showed my elasticsearch status was "red" - indicating the problem.

    curl localhost:9200/_cat/shards

showed "graylog2_11" was broken, so I used the following to delete it:

    curl -XDELETE 'http://localhost:9200/graylog2_11'

Then I restarted elasticsearch and graylog-server and now it's working again, although the "health" curl command still shows it as "yellow" - so something's still amiss.

I'd certainly like to know how to have fixed that broken indice/shard (?? terminology) instead of just throwing away 3Gb of data :-/
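An added example, not part of the original post: a small filter over `_cat/shards` output that reports, per index, whether an inactive primary makes it red or only inactive replicas make it yellow, which is the distinction behind the two health values mentioned above. The sample lines and the function names `sample_shards` and `classify_indices` are constructed for illustration.

```shell
# Constructed sample of `curl localhost:9200/_cat/shards` output (not from the post).
# Columns: index shard prirep state docs store ip node.
# Unassigned shards carry no docs/store/ip/node columns.
sample_shards() {
cat <<'EOF'
graylog2_10 0 p STARTED 1200345 1.1gb 127.0.0.1 node-1
graylog2_10 0 r UNASSIGNED
graylog2_11 0 p UNASSIGNED
graylog2_11 0 r UNASSIGNED
graylog2_12 0 p STARTED 88231 95.4mb 127.0.0.1 node-1
EOF
}

# Reads _cat/shards text on stdin and prints "<index> <red|yellow|green>".
#   red:    at least one primary shard is not active (data unavailable)
#   yellow: all primaries active, at least one replica is not
#   green:  every shard copy is active
classify_indices() {
  awk '
    NF >= 4 {
      idx = $1
      if (!(idx in rank)) rank[idx] = 0
      # STARTED and RELOCATING shards are active; anything else is not.
      if ($4 != "STARTED" && $4 != "RELOCATING") {
        r = ($3 == "p") ? 2 : 1
        if (r > rank[idx]) rank[idx] = r
      }
    }
    END {
      split("green yellow red", name, " ")
      for (idx in rank) print idx, name[rank[idx] + 1]
    }
  ' | sort
}

# Run against the constructed sample. For a live node (assumed to be on
# localhost:9200 as in the post):
#   curl -s localhost:9200/_cat/shards | classify_indices
sample_shards | classify_indices
```

On the sample, `graylog2_11` is reported red because its primary is unassigned, while `graylog2_10` is yellow because only its replica is.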