Hi, please don't "hijack" old mailing list threads. You can always open a new one…
Currently there's pretty much only the org.graylog2.filters.ExtractorFilter.executionTime metric (see http://localhost:12900/system/metrics/org.graylog2.filters.ExtractorFilter.executionTime?pretty=true) which hints at how long all extractors have been running. This isn't very detailed, though.

> I must wait perhaps 1 hour, to display the older messages hour hour ago

This sounds like a simple timezone issue. Please check that the account you're using the web interface with is using the correct timezone (System -> Users); in case of the admin user, take a look at the root_timezone setting in the Graylog configuration file (https://github.com/Graylog2/graylog2-server/blob/1.1.6/misc/graylog2.conf#L28-L31). Additionally, if messages don't contain a proper timestamp (i.e. including a timezone), UTC is being used by default.

Cheers,
Jochen

On Monday, 24 August 2015 09:54:45 UTC+2, HappyDaysInfo wrote:
> Hi Jamie,
>
> For information, and concerning my first experience using graylog,
>
> I've defined an input udp syslog with haproxy extractors (and I have checked all extractors).
> An haproxy Aloha forwards messages on port 5514 and I have noticed something strange:
>
> I must wait perhaps 1 hour, to display the older messages hour hour ago (input received messages and search module) parsed and with the only condition if I disable the input before.
> If I don't use extractors, the messages are displayed in real time.
>
> In my architecture I have separated elastic search in a different equipment than graylog server and its web interface.
>
> I have taken a look at index performance from the elastic search node (one shard), but I don't notice a performance problem.
>
> My query is: is there a log activity concerning parsing extractor, because there is no doubt the impact performance, but I don't understand how it can impact the availability of consulting the messages already logged
>
> Best regards.
>
> On Wednesday, 24 September 2014 20:10:05 UTC+2, Jochen Schalanda wrote:
>> Hi Jamie,
>>
>> On Wednesday, 24 September 2014 19:58:38 UTC+2, Jamie Geyer wrote:
>>> just a quick question -
>>> In general does adding extractors to an input cause any performance impacts on the input?
>>
>> In general yes, because the extractors have to be run for every message which is processed by that input. The concrete impact varies between "negligible" and "a lot" depending on the number and complexity of extractors.
>>
>> I recommend taking a look at the stream_processing_timeout and stream_processing_max_faults settings in your graylog2.conf and configure them accordingly (or keep the quite sane defaults).
>>
>> Cheers,
>> Jochen
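
The timezone point in the reply above, worked through as an added example (not code from the thread or from Graylog): a syslog timestamp without a timezone is stored as UTC, so a sender whose clock runs ahead of UTC produces messages dated in the future that a relative search does not match until the offset has elapsed. The sample line, the UTC+2 sender offset, the function names and the simplified relative-search rule are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: an RFC 3164-style syslog line whose timestamp has no
# year and no timezone. The sender's clock is assumed to run at UTC+2.
SAMPLE_LINE = "<134>Aug 24 09:54:45 lb1 haproxy[1234]: constructed sample message"
SENDER_TZ = timezone(timedelta(hours=2))

def parse_naive_timestamp(line, year):
    """Extract the 'Mmm dd HH:MM:SS' stamp that follows the <PRI> field."""
    stamp = line.split(">", 1)[1][:15]
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def stored_as_utc(naive):
    """What a receiver records when it assumes UTC for a zone-less stamp."""
    return naive.replace(tzinfo=timezone.utc)

def true_instant(naive, sender_tz):
    """The instant the sender actually meant, given its real UTC offset."""
    return naive.replace(tzinfo=sender_tz).astimezone(timezone.utc)

def in_relative_search(stored, now, window):
    """Assumed rule: 'last N minutes' matches now - window <= ts <= now."""
    return now - window <= stored <= now

def delay_until_visible(stored, now):
    """Time until a future-dated message falls inside a relative search."""
    return max(stored - now, timedelta(0))

def demo():
    naive = parse_naive_timestamp(SAMPLE_LINE, 2015)
    stored = stored_as_utc(naive)
    now = true_instant(naive, SENDER_TZ)  # search runs as the message arrives
    window = timedelta(minutes=5)
    skew = stored - now
    return {
        "skew": skew,
        "visible_now": in_relative_search(stored, now, window),
        "delay": delay_until_visible(stored, now),
        "visible_later": in_relative_search(stored, now + skew, window),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Comparing the stored timestamp of a fresh message against the receiver's own UTC clock is a quick check for this kind of skew before looking at extractor performance.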
