create a new index in graylog
shutdown graylog
remove the new index (e.g. graylog_8)
rename graylog_deflector to fit the name of the new index
add an alias graylog_deflector
The solution based above:
In the Graylog web UI go to the System/Indices>Indices. Select the Default index set
In the Maintanance select the Rotate active write index. It will create a graylog_0 index (but it will not work)
Go to the console and stop the graylog:
sudo service graylog-server stop
Handle the 1000 field problem:
curl -XPUT 'http://localhost:9200/_all/_settings?preserve_existing=true' -d '{
"index.mapping.total_fields.limit" : "5000"
}'
Stop the graylog_deflector index:
curl -XPOST 'localhost:9200/graylog_deflector/_close?pretty'
Delete the graylog_deflector index:
curl -XDELETE 'localhost:9200/graylog_deflector?pretty'
Add the graylog_deflector as alias to the newly created graylog_0 index:
curl -XPOST 'localhost:9200/_aliases?pretty' -H 'Content-Type: application/json' -d'
{
"actions" : [
{ "add" : { "index" : "graylog_0", "alias" : "graylog_deflector" } }
]
}'
Restart graylog