Hello Lennart,
Can I suggest that you use Elasticsearch's routing feature in the next
graylog2 release? I have a huge volume of logs (about 2 TB of
data in the ES cluster) with a lot of streams in graylog2, and using the
stream_id as the routing key in ES seems, from my point of view, a
good idea to improve the response time when doing search requests inside a
stream. I have successfully made minor modifications to the source code
of GL2 (0.12, but it should also work in 0.20) and was able to use the
stream_id as the routing_key. I also changed the ES mapping a little bit.
{
  "_default_": {
    "_routing": {
      "required": true,
      "path": "streams"
    }
  }
}
It's working!! Documents are indexed in ES, and the routing_key is equal to
the value of the stream_id. The last thing to do is to make some
modifications in the graylog2-webinterface in order to use the routing_key
when doing searches. In fact, the webinterface should be able to get
automatically the object-id of the stream you are sitting in and pass it as
an argument in the search request. I have done the modification in the
webinterface in Ruby, and it seems to work. I have not found for the moment
what exactly to modify for the webinterface in Play.
Thx, Regards
Guillaume
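
Added example, not part of the original message or of Graylog2's code: a toy Python model of routing by stream id, showing that a routed search queries one shard instead of all of them but still needs the stream filter, because several stream ids can share a shard. The shard count, the CRC32 stand-in for Elasticsearch's routing hash, the stream ids and the one-stream-per-message simplification are assumptions made for the sketch.

```python
import zlib

NUM_SHARDS = 5  # assumed shard count for this sketch


def shard_for(routing_key, num_shards=NUM_SHARDS):
    # Stand-in for Elasticsearch's routing hash. The real hash function
    # differs; the principle (hash(routing) mod number_of_shards) is the same.
    return zlib.crc32(routing_key.encode()) % num_shards


class ToyIndex:
    def __init__(self, num_shards=NUM_SHARDS):
        self.shards = [[] for _ in range(num_shards)]

    def index(self, doc):
        # Mirrors the mapping in the message: routing is read from "streams".
        # Assumption: each message carries exactly one stream id.
        self.shards[shard_for(doc["streams"], len(self.shards))].append(doc)

    def search(self, stream_id, routing=None):
        # With a routing key one shard is queried; without it, all of them.
        if routing is None:
            targets = list(range(len(self.shards)))
        else:
            targets = [shard_for(routing, len(self.shards))]
        # The stream filter stays: routing narrows the shards that are
        # consulted, it does not narrow the result set by itself.
        hits = [d for s in targets for d in self.shards[s]
                if d["streams"] == stream_id]
        return hits, len(targets)


def build_sample(streams=6, per_stream=4):
    # Constructed data: more streams than shards, so at least two streams
    # are guaranteed to land on the same shard.
    idx = ToyIndex()
    ids = ["stream-%02d" % i for i in range(streams)]
    for sid in ids:
        for n in range(per_stream):
            idx.index({"streams": sid, "message": "event %d" % n})
    return idx, ids


if __name__ == "__main__":
    idx, ids = build_sample()
    for sid in ids:
        routed, n_routed = idx.search(sid, routing=sid)
        fanout, n_fanout = idx.search(sid)
        print(sid, len(routed), "hits;", n_routed, "shard vs", n_fanout)
```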