Hi Roberto, there's something wrong with your Elasticsearch cluster (see http://docs.graylog.org/en/1.3/pages/configuring_es.html#cluster-status-explained for an explanation of the different Cluster Health States) which prevents Graylog from indexing more log messages.
Check the logs of your Elasticsearch nodes (e. g. in /var/log/elasticsearch) for errors. Very often, Elasticsearch simply ran out of disk space. Cheers, Jochen On Tuesday, 16 February 2016 15:46:26 UTC+1, [email protected] wrote: > > Dear, I have Graylog 1.2 but right now I have a lot of incoming messages > but no outgoing messages at all, so my journal space is increasing a lot: > > *Processing 1500 incoming and 0 outgoing msg/s. 1,877,835 unprocessed > messages* > > I can see just this error or warning: > > *Elasticsearch cluster is red.* Shards: 92 active, 0 initializing, 0 > relocating, 4 unassigned > > What can be the problem? How can I get outgoing messages again ? > > Thanks a lot, > > Roberto > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/83836453-7c45-47ac-ad71-c4634498a4f4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
