-
Titel
WebUI Stuck on Fetching Logs When Searching Logstores - How to Reindex Logstores -
Beschreibung
When searching for logs in the WebUI of Syslog-ng Store Box (SSB), the following message occurs and no logs appear:
Fetching Logs…
-
Ursache
One of the logspaces may have become corrupt and needs reindexing. Please contact One Identity support for assistance in determining the specific logstore in question should it not be apparent which logstore is corrupt.
-
Lösung
To reindex a specific logstore from a specific day, please run the following from the core-shell of the SSB:
for i in $(ls /opt/ssb/var/logspace/name/"logspacename"/year/month-day/messages.store); do rm ${i%/*}/index.1* ${i%/*}/time.index ; l='' ; l=$(echo $i | awk -F"/" '{print $7}' ) ; /opt/syslog-ng/bin/reindexer -d -b /opt/ssb/var/logspace/name/${l:?}/ -n ${l:?} $i ; done
Once reindexing is done, the affected indexers needs to be restarted; otherwise, the WEBUI search field won't work. This can be done via restarting the whole syslog-ng service or sending USR1 signal to the corresponding indexer (as per below command, also executed from the core shell):
kill -s USR1 $(ps -ef | grep logindexd | grep "\-\-instance "logstorename"" | awk '{print $2}')
This could take several hours to run. It's possible that in this time that the console shell might time out so it is recommended to run this via SSH using a program such as Putty.
Once done, searching should work as expected.