Hi Jochen, Graylog is the latest, 2.0 plus patch, I think 2.0.1 . Also elasticsearch we installed the latest that was. Mongodb is 3.2.6. We are running graylog cluster (In Graylog GUI I see all 3 GL nodes). Also in graylog server.conf file we list all 3 elasticsearch nodes.
I think you ware right with 3 serparate masters. When I go to Graylog GUI - Nodes, and click on details, it say for all 3 nodes . It is master. So In the server.conf file I stritly prohibited one of the nodes to become master: master=false and after restart the node is showen as not master in GUI. I will monitior in the following days but this was probably the reason for many indexes. Thanks! Dne torek, 24. maj 2016 18.41.35 UTC+2 je oseba Jochen Schalanda napisala: > > Hi Lec, > > which version of Graylog and Elasticsearch are you using? > > Are you running 3 separate clusters (with separate Graylog instances and > separate Elasticsearch nodes)? > > Also make sure that there is only 1 Graylog master node in each cluster > (which is performing maintenance tasks like index rotation and retention). > > Cheers, > Jochen > > On Tuesday, 24 May 2016 16:47:19 UTC+2, [email protected] wrote: >> >> Hi, >> >> I am running a 3 cluster configuration, each of systems is running >> graylog and aelasticsearch. >> >> My index rotation settings are following: >> >> Index rotation strategy:Index TimeRotation period:P1D (1d, a day) >> Index retention strategy:DeleteMax number of indices:100 >> >> >> One would expect that this will create 100 indexes in 100 days. But >> after running this for about 18 days, I have indexes from 1 til 47. The >> oldest data in >> >> index one is 17 days old. It seesm like 2 or 3 new indexes pred day are >> created. >> >> So it seems I will need to increase Index number to something close to >> 300 if I want data to be deleted after 100 days. >> >> >> I can increase index number but just curious, is this a bug or is this >> working as it should, maybe because of 3 node cluster. >> >> >> >> Thanks, >> >> Lec >> >> >> >> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/9d50e00f-5928-4ced-8288-8166b7d701a5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
