In our environment, I have two graylog2 servers running, each with an instance of elasticsearch running on them. The first server also houses the mongodb for the cluster. Then there is a single graylog2 webserver pointed to both of the graylog2 nodes. Everything seems to be operational with a separate input sending logs for each server.
There is a strange behavior with searches. If I click the search for the last 5 minutes, I will only see results for one or the other input, never both mixed. When I first had the cluster operational this was not the case. Between that time and now there were some restarts of the service that may have caused the issue, I'm not sure. Does anyone have any idea why this may be happening?
