On Sat, Jun 4, 2016 at 3:26 AM, Jochen Schalanda <[email protected]> wrote:
> you can restrict the time range users are allowed to run queries in since
> Graylog 2.0.0 (see System -> Configurations -> Searches configuration).
> Other than that, it would help to split your indices into more shards (and
> distribute them on more Elasticsearch nodes).
>
> This being said, the error you've mentioned (field data cache being full)
> most often occurs if the mentioned field ("message" in this case) is being
> used in an aggregation (e. g. Quick Values), so you might want to avoid
> those on analyzed fields like "message", "full_message", and "source".
>
Hi Jochen
You just reinforced my point. What you're saying is that *graylog users
have to change behaviour* in order to stop graylog/ES from crashing...
My intention is to make our graylog server available to 50+ people to use
*as they see fit*. They all know a lot less than I do about the limitations
of graylog/ES - and I know nearly nothing.
I appreciate this might be impossible to fix (I know nearly nothing, but
this sounds like an ES issue - not a graylog issue), but it doesn't change
the fact that a user making an honest mistake leading to the entire system
being broken isn't a good outcome. I was just wondering if there were any
kind of filters graylog could do to stop such "runaway" search queries from
being run, or some mechanism to pick up the fact that ES has indeed "run
away" and then do something about it to fix it? Otherwise, how do graylog
users solve this problem? It will happen again
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/CAFChrgKeoZROXSHKyt_Wh6uT7ZH2fYAWXNQKCg0MT9RsX1Bv8w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
