Graylog - data from newest indice not returned on search

I have a Graylog server (newest version) collecting data from nginx. It´s been running for a while. I retrieve the collected data by querying my Elasticsearch cluster (v7 newest version) which consists of 4 nodes ATM. This all work(s/ed) fine. Now I have the problem that Elasticsearch won´t return the newest data. I checked that it exists. I do not see any differences to previous data stored. I did have a downtime (aka crash) because my disks where running full. All statuses show that the system is running fine again.

I checked everything I could find but ran out of ideas. Where do I need to look to solve this? I appreciate any ideas!

Update

What I also noticed is that I increased the Index Replicas from 0 (default) to 1 for the default index set but there seems to be no replicas. Shouldn´t those be created automatically after changing the settings?

I am not sure exactly how to guide you, but have you looked at the log agent?

From my experience, I can not think of a simple reason that ES would not return data that are digested, except when querying with wrong filters such as wrong datetime (timezone changes).

After a crash on the ElasticSearch side of things, some times filebeat requires a restart. You should check its logs too, it might help you pin point the problem.

On the replication option, now.

Τhe option index.number_of_replicas is a dynamic option and should be updated live. If this option is passed through the index template it gets applied on index rotation ( aka, a new index is spawned ). Otherwise you might need to update it on the index itself