When you do not have enterprise support, closing and opening Elasticsearch indexes can break stuff in Graylog 2.4.6.
Elasticsearch Indexes Close/Open
The official documentation for closing and opening an index in Elasticsearch 2.4.6 can be found here:
https://www.elastic.co/guide/en/elasticsearch/reference/2.4/indices-open-close.html
curl -XPOST 'localhost:9200/my_index/_close'
curl -XPOST 'localhost:9200/my_index/_open'
Closing an index
To close an index:
# curl -XPOST 'http://localhost:9200/graylog_900/_close'
{"acknowledged":true}
To close more than one index, use * (the example below closes all indexes that start with graylog_9):
# curl -XPOST 'http://localhost:9200/graylog_9*/_close'
{"acknowledged":true}
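A wildcard close acts on every index the pattern matches, so it helps to list the matches first. The following is an added example, not part of the original post: it filters `_cat/indices` output to show which open indexes a pattern would close. The `close_candidates` and `preview_live` names, the optional "protect" argument and the sample index list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed input: lines of "index status" as printed by
#   curl -s 'http://localhost:9200/_cat/indices?h=index,status'
# where a closed index is reported with status "close".

# close_candidates PATTERN [PROTECT]
# Reads "index status" lines on stdin and prints every open index that
# matches PATTERN, skipping PROTECT (hypothetical parameter: an index that
# must stay open, e.g. the one Graylog is currently writing to).
# PATTERN is matched as a shell glob; for a plain trailing * this agrees
# with the Elasticsearch wildcard used in the close command.
close_candidates() {
    pattern=$1
    protect=${2:-}
    while read -r name status; do
        # Already-closed indexes are not candidates.
        if [ "$status" != "open" ]; then continue; fi
        # Leave the protected index alone even if the pattern matches it.
        if [ -n "$protect" ] && [ "$name" = "$protect" ]; then continue; fi
        case $name in
            $pattern) printf '%s\n' "$name" ;;
        esac
    done
    return 0
}

# Constructed sample of the _cat output (not real data).
SAMPLE='graylog_89 open
graylog_9 open
graylog_90 close
graylog_900 open
graylog_901 open
graylog_1000 open'

# Live preview against the node used in the post; call it by hand, e.g.
#   preview_live 'graylog_9*' graylog_901
preview_live() {
    curl -s 'http://localhost:9200/_cat/indices?h=index,status' |
        close_candidates "$1" "${2:-}"
}
```

On the sample, the pattern graylog_9* also matches the index named graylog_9 itself, which is easy to overlook when the intent was only the graylog_9xx range.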
Opening an index
To open an index:
# curl -XPOST 'http://localhost:9200/graylog_900/_open'
Graylog 2.4.6 issues when restoring an index
I ran into multiple problems after closing indexes. My biggest problem was that Graylog search suddenly wasn’t showing anything for the past 14 hours. I was receiving data just fine.
To fix this you need to rotate the index set.
Steps:
- Browse to menu item “System” -> “Indices”
- Click “Default Index Set”
- Click the button “Maintenance” -> “Rotate active write index”
Once you complete the above steps, you will be able to search the past 13 hours or so of data. If you are restoring a lot of indexes, I recommend “Maintenance” -> “Recalculate index ranges”.