Hi,

You could reconfigure Elasticsearch for a start:

Try changing this:

index.refresh_interval: 5s
Or even use a value of 30 sec; this improves the throughput of Elasticsearch.

On CentOS 6:
        /etc/sysconfig/elasticsearch

  ES_HEAP_SIZE=8g (/etc/init.d/elasticsearch) < set it to 50% of your memory.


Good luck.


On Wednesday, January 13, 2016 at 2:11:04 PM UTC+1, [email protected] 
wrote:
>
> Dear, I have Graylog 1.2 with just one Elasticsearch node. I receive lots 
> of logs from different devices. After a pair of hours, I often notice that 
> incoming messages are higher than outgoing messages, and so the journal is 
> filled up and the message processing mechanism stops, and I have to delete 
> messages from journal manually.
>
> This is a sample verbose message from the Nodes of Graylog:
>
> Processing *1,126* incoming and *500* outgoing msg/s. *130,739 unprocessed 
> messages* are currently in the journal, in 1 segments. *857 messages* have 
> been appended to, and *857 messages* have been read from the journal in 
> the last second.
>
> Is there any way to process more messages and have higher outgoing 
> messages? Or any other way to avoid the filling up of the journal?
>
> Thanks a lot,
>
> Roberto
>
