Empty Indexes?

KuboMD · October 29, 2018, 4:05pm

Hi there,
I'm running a Graylog server. I accidentally deleted the contents of my index folders.

/var/lib/elasticsearch/nodes/0/indices/TkNxWZ2BQmGznq5Xv77CxQ/3/index# ls
Returns nothing. The same goes for my 0, 1, and 2/index.

I'm not worried about the lost data, but Graylog won't function without Elasticsearch. How can I restore the contents of the folders to a working state?

Thanks

dadoonet · October 29, 2018, 4:21pm

DELETE the missing index from the API.
That should fix it I guess.

KuboMD · October 29, 2018, 4:46pm

David,
Sorry. Do you mean I should remove the /var/lib/elastichsearch/nodes/0/indices/TkNxWZ2BQmGznq5Xv77CxQ directory?

Thanks

dadoonet · October 29, 2018, 5:02pm

No I meant running

DELETE indexname

From Kibana or from curl

KuboMD · October 29, 2018, 5:19pm

David,
Thanks for the reply.
Before I try that I've got to ask, will Elasticsearch create a new index automatically?

Thanks

dadoonet · October 29, 2018, 7:38pm

Only if you send new data to it.

KuboMD · October 29, 2018, 8:01pm

Gotcha. Thanks David

KuboMD · November 2, 2018, 12:08pm

Hi David,
I was hoping maybe you'd be able to assist me here. I did some reading on the API so I'm now able to pass:

curl -X DELETE 'http://localhost:9200/indices/TkNxWZ2BQmGznq5Xv77CxQ/0?pretty'

but the response I get is:

{
  "found" : false,
  "_index" : "indices",
  "_type" : "TkNxWZ2BQmGznq5Xv77CxQ",
  "_id" : "0",
  "_version" : 1,
  "result" : "not_found",
  "_shards" : {
    "total" : 2,
    "successful" : 1,
    "failed" : 0
  }
}

I've got three indexes that I want to erase before I restart my server, but I can't seem to get the "result" : "deleted" message.

Thanks again

dadoonet · November 2, 2018, 12:20pm

This is not a valid index name.
You are calling here the Delete Document API.

What are the index names you want to remove?

KuboMD · November 2, 2018, 12:29pm

/rXPAWDDOTZCFutcZ6zGwew/0
/rXPAWDDOTZCFutcZ6zGwew/1
/rXPAWDDOTZCFutcZ6zGwew/2
/rXPAWDDOTZCFutcZ6zGwew/3

/TkNxWZ2BQmGznq5Xv77CxQ/0
/TkNxWZ2BQmGznq5Xv77CxQ/1
/TkNxWZ2BQmGznq5Xv77CxQ/2
/TkNxWZ2BQmGznq5Xv77CxQ/3

/SfiLdN55RMqH6LjLzn_StA/0
/SfiLdN55RMqH6LjLzn_StA/1
/SfiLdN55RMqH6LjLzn_StA/2
/SfiLdN55RMqH6LjLzn_StA/3

I believe these are the indexes and their IDs...I'm not too familiar so maybe I'm mistaken. Is there an API to delete a whole index or must I recursively delete each document within an index?

Thanks for your continued help

dadoonet · November 2, 2018, 1:13pm

I meant the index name not the directory names on disk. You should never look at this.

KuboMD · November 2, 2018, 1:54pm

Oh I see.
This is the only "Indices" I can find on my server.

Is the name for the index = the prefix?

Thanks

dadoonet · November 2, 2018, 2:25pm

Run

GET /_cat/indices?v

KuboMD · November 2, 2018, 2:30pm

curl -X GET 'http://localhost:9200/_cat/indices?v'
health status index     uuid                   pri rep docs.count docs.deleted store.size pri.store.size
red    open   graylog_0 TkNxWZ2BQmGznq5Xv77CxQ   4   0                                                  
green  open   graylog_1 rXPAWDDOTZCFutcZ6zGwew   4   0    1211736            0    405.4mb        405.4mb
green  open   syslog__0 SfiLdN55RMqH6LjLzn_StA   4   0          0            0       648b           648b
yellow open   indices   llXr2lFeS72xcrr2yyzgRg   5   1          0            0       839b           839b

David, here's the output.
Can I use the delete command on the "graylog_0" index to have it regenerated?

Thanks again.

dadoonet · November 2, 2018, 2:35pm

So if you want to remove index graylog_0, run:

DELETE /graylog_0

KuboMD · November 2, 2018, 3:30pm

{
  "acknowledged" : true
}

Looks good!
I used PUT /graylog_0 to recreate it.
I restarted my services and now it's working fine!

Thanks for your patience David. Elasticsearch is a very cool platform.

system · November 30, 2018, 3:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.