Hi,
The config look OK,
I see the following indexes and look like old data (before the April 14th
is not part of the index
Why Graylog didn't take / index the old data ?
How I can enforce it ?
{
"total" : 6,
"ranges" : [ {
"index_name" : "graylog_5",
"begin" : "1970-01-01T00:00:00.000Z",
"end" : "1970-01-01T00:00:00.000Z",
"calculated_at" : "2016-04-18T11:09:10.089Z",
"took_ms" : 267
}, {
"index_name" : "graylog_0",
"begin" : "2016-04-14T19:46:32.000Z",
"end" : "2016-04-15T17:09:09.833Z",
"calculated_at" : "2016-04-15T20:20:56.963Z",
"took_ms" : 556
}, {
"index_name" : "graylog_1",
"begin" : "2016-04-15T17:00:57.000Z",
"end" : "2016-04-15T20:21:27.780Z",
"calculated_at" : "2016-04-15T20:21:28.314Z",
"took_ms" : 62
}, {
"index_name" : "graylog_2",
"begin" : "2016-04-15T20:20:21.000Z",
"end" : "2016-04-16T15:53:49.737Z",
"calculated_at" : "2016-04-16T15:53:50.181Z",
"took_ms" : 414
}, {
"index_name" : "graylog_3",
"begin" : "2016-04-16T15:49:46.000Z",
"end" : "2016-04-17T14:37:28.688Z",
"calculated_at" : "2016-04-17T14:37:30.067Z",
"took_ms" : 278
}, {
"index_name" : "graylog_4",
"begin" : "2016-04-17T14:32:09.000Z",
"end" : "2016-04-18T11:09:09.743Z",
"calculated_at" : "2016-04-18T11:09:10.087Z",
"took_ms" : 291
} ]
}
On Monday, April 18, 2016 at 8:16:38 AM UTC-7, Jochen Schalanda wrote:
>
> Hi Idan,
>
> please make sure that the elasticsearch_index_prefix
> <https://github.com/Graylog2/graylog2-server/blob/1.3.4/misc/graylog2.conf#L139-L140>
>
> and the elasticsearch_cluster_name
> <https://github.com/Graylog2/graylog2-server/blob/1.3.4/misc/graylog2.conf#L154-L157>
>
> settings are correct and correspond with the actual cluster name of your
> Elasticsearch node(s).
>
> Additionally please check the logs of your Elasticsearch node(s) and the
> output of the following curl command (replace localhost with the host name
> or IP address of one of your Elasticsearch nodes):
>
> $ curl http://localhost:9200/_cat/indices?v
>
>
>
> Cheers,
> Jochen
>
> On Friday, 15 April 2016 22:43:46 UTC+2, Idan Lerer wrote:
>>
>> Hi Jochen,
>> Thanks for your quick reply.
>>
>> I ran the following
>>
>> wget
>> https://packages.graylog2.org/releases/graylog-omnibus/ubuntu/graylog_latest.deb
>> sudo graylog-ctl stop
>> sudo dpkg -G -i graylog_latest.deb
>> sudo graylog-ctl reconfigure
>>
>> I still see all my dashboard I configured but I can see only the data
>> since the upgrade
>>
>>
>> On Friday, April 15, 2016 at 10:27:55 AM UTC-7, Jochen Schalanda wrote:
>>>
>>> Hi Idan,
>>>
>>> how exactly did you upgrade Graylog? What's the configuration of your
>>> Graylog server and your Elasticsearch node(s)?
>>>
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Friday, 15 April 2016 18:52:08 UTC+2, Idan Lerer wrote:
>>>>
>>>> Hello,
>>>> I just upgraded from Graylog v1.3.4 from1.1.3.
>>>> All my settings saved and I can see all my collection / dashboards ETC.
>>>> But I can't see all the data collected by the Graylong before the
>>>> upgrade.
>>>> When I try to search old data before the upgrade I'm not getting any
>>>> results.
>>>> On the disk, I do see the Graylog disk
>>>> /dev/mapper/graylog--indices-graylog--indices have the same used space as
>>>> it was before the upgrade.
>>>> Where is all my old data ? what I'm missing ?
>>>>
>>>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/c2146fc3-bb07-4cc5-9438-737ce0b6868d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
