Unable to Configure SLM

Mnchstrcityblues79 · July 7, 2022, 4:42pm

Greetings. I run the Graylog Open edition that uses ElasticSearch under the hood. Unfortunately, the archive feature is behind a paywall. Nonetheless, I need to backup my data and snapshots are the best way.

I have been following the instructions found here: Create a snapshot | Elasticsearch Guide [8.3] | Elastic (and the links contained therein) but have run into the following error when attempting to set the SLM policy:

curl -X PUT "localhost:9200/_slm/policy/daily-snapshots?pretty" -H 'Content-Type: application/json' -d @elastic_SLM_policy

Here is my @elastic_SLM_policy:

{  
  "schedule": "0 */12 * * * ?",  
  "name": "<every12h-snap-{now/d}>",  
  "repository": "my_fs_backup",  
  "config": {    
    "indices": "*",    
    "include_global_state": true  
  },  
  "retention": {    
    "expire_after": "90d",    
    "min_count": 5,    
    "max_count": 180  
  }
}

And I receive the following error:

{  
  "error" : {    
    "root_cause" : [      
      {        
        "type" : "index_not_found_exception",        
        "reason" : "no such index [_slm]",        
        "resource.type" : "index_expression",        
        "resource.id" : "_slm",        
        "index_uuid" : "_na_",        
        "index" : "_slm"      
      }    
    ],    
    "type" : "index_not_found_exception",    
    "reason" : "no such index [_slm]",    
    "resource.type" : "index_expression",    
    "resource.id" : "_slm",    
    "index_uuid" : "_na_",    
    "index" : "_slm"  
  },  "status" : 404 
}

Thank you for all your help!

Keith_Massey · July 7, 2022, 5:21pm

What version of Elasticsearch is backing your Graylog? My guess is that it is a version that predates SLM?

Mnchstrcityblues79 · July 7, 2022, 5:28pm

I had not even thought about that:

{
  "name" : "graylog",
  "cluster_name" : "graylog",
  "cluster_uuid" : "<redacted>",
  "version" : {
    "number" : "7.10.2",
    "build_flavor" : "oss",
    "build_type" : "deb",
    "build_hash" : "<redacted>",
    "build_date" : "2021-01-13T00:42:12.435326Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}```

stephenb · July 7, 2022, 5:37pm

The critical part is the oss SLM is / was part of X-Pack meaning you have to use the default distribution SLM is not in the oss distribution.

My Suggestion is Upgrade both Version to something newer like 7.17 and use the Basic / Free Forever license (there is no actual OSS distro after 7.10)

Mnchstrcityblues79 · July 7, 2022, 6:05pm

ah; that makes sense. The ironic part is that Graylog is not tested against anything higher than 7.10 (that I am aware of) but nonetheless recommends the using the snapshot api in elasticsearch Backup - Configuring Graylog

Thank you for all your help!

system · August 4, 2022, 6:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SLM not starting Elasticsearch slm-snapshot-lifecycle-management	10	776	October 25, 2021
Cant create snapshot life cycle policy Elasticsearch docker , slm-snapshot-lifecycle-management	7	1076	June 3, 2020
Put SLM as per the documents complains about the index name? Elasticsearch	13	1649	April 20, 2020
Elasticsearch SLM policy Error Elasticsearch	2	375	June 24, 2020
SLM policy for elastic snapshot for 30 mins is failing Elasticsearch	1	392	July 14, 2020

Unable to Configure SLM

Related topics