Reindex change shard number

gabbar · March 10, 2022, 1:04pm

Hello community!
I'm running Elasticsearch 6.8 to store logs collected using graylog and I would like to reduce the amount of shards of the older indices.
Using curator I've been able to shrink the shards from 6 to 1, when I reindex them in order to rename them to the original one, the amount of shards goes up again to 4.

Here's the action file

actions:
  1:
    action: reindex
    description: >-
      reindex graylog_100-shrink to graylog_100
    options:
      wait_interval: 30
      max_wait: -1
      request_body:
        source:
          index: graylog_100-shrink
        dest:
          index: graylog_100
    filters:
    - filtertype: none

Even the API doesn't seem offer a lot of options about.
Do you have any recommendation?

Kind regards

system · March 10, 2022, 1:04pm

Elasticsearch 6.8 is EOL and no longer supported. Please upgrade ASAP.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns )

gabbar · March 13, 2022, 5:15pm

Dear system: I'll be glad to upgrade Elasticsearch as soon as Graylog will support a newer version without removing essential features

Kind regards,
Gabbar

leandrojmp · March 13, 2022, 6:21pm

Do you have any template for the graylog_100 indices?

The number of shards is probably defined in an template, you will need to edit the template to change the number of shards from 4 to any number you want.

Use the _cat/templates and _cat/templates/template-name APIs to check the templates.

Also, Graylog dropped support for Elasticsearch, the last version they support is the 7.10 which is also approaching EOL.

gabbar · March 14, 2022, 12:02pm

Hello Leandro,
thank you for the hint. I've been able to override the setting from the template (which is needed for the creation of the newest indices) creating an empty index named "graylog_100" with the desired amount of shards before the reindexing

  1:
    action: create_index
    description: "Create index as graylog-100"
    options:
      name: graylog-100
      extra_settings:
        settings:
          number_of_shards: 1
          number_of_replicas: 1
  2:
    action: reindex
    description: >-
      reindex graylog_100-shrink to graylog_100
    options:
      wait_interval: 30
      max_wait: -1
      request_body:
        source:
          index: graylog_100-shrink
        dest:
          index: graylog_100
    filters:
    - filtertype: none

curl -X GET 'http://myhost:9200/graylog_100?pretty'|tail -n 30

       }
      }
    },
    "settings" : {
      "index" : {
        "refresh_interval" : "30s",
        "number_of_shards" : "1",
        "provided_name" : "graylog_100",
        "creation_date" : "1647258037695",
        "analysis" : {
          "analyzer" : {
            "analyzer_keyword" : {
              "filter" : "lowercase",
              "tokenizer" : "keyword"
            }
          }
        },
        "number_of_replicas" : "1",
        "uuid" : "NDKVA-pHRIygM4TOW-0Lsg",
        "version" : {
          "created" : "6082099"
        }
      }
    }
  }

system · April 11, 2022, 12:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How change the number of shards and replicas in Elasticsearch Elasticsearch	7	53947	June 6, 2017
Decrease the number of shards Elasticsearch	12	31651	June 18, 2017
Upgrade ES to 6.8 and Graylog to 4.0 Elasticsearch	6	400	November 10, 2021
How to re-index if I have changed the shard numbers? Elasticsearch	7	1753	July 5, 2017
Action Shrink n Reindex with Curator Elasticsearch curator	1	383	December 17, 2020

Reindex change shard number

Related topics