If there are a lot of messages piling up in Graylog's journal (System>Nodes>nodename>Disk Journal> Utilization) but they are not showing in the Search, you will need to delete the journal folder under /var/lib/graylog-server. Then restart the graylog.

Configure lower index retention (mygraylog.com/system/indices) to delete the older ones or delete it manually.

• Graylog 3.3.16
• Debian 9

• Elasticsearch troubleshooting

• https://community.graylog.org/t/after-disk-space-issue-no-out-messages-help/1766