Hi, I built my Graylog production environment and I have just migrated my monitoring solution to the new Graylog instances. It consists in Collectd Curl calls against the master Graylog node.
My proof-of-concept servers allowed me to plot some hits and publish them through aggregated Grafana dashboards (Apache hits + CPU load + memory). The kind of requests look like : - /search/universal/keyword/terms?field=status&query=tags%3A%22myAppName%2C%20myModuleName%22&keyword=last%20minutes I would like to extract some terms from the last minute. This query worked well on my former server. Now, the query does not find anything. During the last week, some points have been plotted (less than ten). As far as I know, the message rate is about the same on the new architecture. The things that changed are : - Graylog 1.1.6 to 1.2.1 - 4 Graylog nodes instead of 2 (more RAM + more CPU) : 3 vCPU + 4 Go of RAM + JVM XMS / XMX @ 2 Go - 4 Elasticsearch nodes instead of 2 (more RAM + more CPU + more disk space) : 8 vCPU + 7 Go of RAM + JVM XMS / XMX @ 4 Go + 1 To of data each My messages are brought to Graylog thanks to some AMQP queues (GELF AMQP inputs). I don't see any waiting messages on the RabbitMQ buffer. Through the web interface, I do see some messages younger than one minute ago when I use the basic time period (Search in the last 5 minutes), including the ones I am looking for. I came to the conclusion that the API behavior have changed. It seems that the messages are not immediately available to the search API. I tried other time periods : - last minute : KO - last hour : KO - last day : OK - last week : OK Do you have any clue about my strange situation ? Mathieu -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/74a0a650-b0e5-4556-8c33-d88c8f13b64d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
