Hi Jan
thanks for the reply
the setup is really straight forward and never thought that i will have
difficulties but.....
please find my answers with blue
On Friday, June 24, 2016 at 10:42:21 AM UTC+2, Jan Doberstein wrote:
>
> Hej Yiannis,
>
>
>
> On 24. Juni 2016 at 01:18:39, Yiannis ([email protected] <javascript:>)
> wrote:
> > I 've installed and configured a 3 node graylog (2.0.3) "cluster". On 3
> > R610 (16 cores total) servers with 72GB of RAM (Every nodes has
> installed
> > mongo, elastic and graylog)
>
> i guess you have set in one graylog.conf *is_master = true* and on two
> others *is_master = false*, additional i guess you have setup a
> replica set for your mongodb (
> https://docs.mongodb.com/manual/reference/replica-configuration/ ) and
> that you are using the same cluster.name in your the elasticsearch
> configuration.
>
>
Yes i' ve got the first server as is_master = true and the other two as
is_master = false
That is my starting papameters for all graylog server
GRAYLOG_SERVER_JAVA_OPTS=
"-Xms8g -Xmx8g -XX:NewRatio=1 -server -XX:+ResizeTLAB
-XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled
-XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC
-XX:-OmitStackTraceInFastThrow"
And the heap size of all elastic node is set to 28 GB
ES_HEAP_SIZE=28g
My elastic cluster seems pretty fine
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
{
"cluster_name" : "ngraylog2",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 6,
"number_of_data_nodes" : 3,
"active_primary_shards" : 44,
"active_shards" : 88,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
Also the mongo replicas seems fine
rs.status()
{
"set" : "replset01",
"date" : ISODate("2016-06-24T12:54:53.961Z"),
"myState" : 1,
"term" : NumberLong(43),
"heartbeatIntervalMillis" : NumberLong(2000),
"members" : [
{
"_id" : 0,
"name" : "graylog-manager1:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 169601,
"optime" : {
"ts" : Timestamp(1466772892, 9),
"t" : NumberLong(43)
},
"optimeDate" : ISODate("2016-06-24T12:54:52Z"),
"lastHeartbeat" :
ISODate("2016-06-24T12:54:52.681Z"),
"lastHeartbeatRecv" :
ISODate("2016-06-24T12:54:52.976Z"),
"pingMs" : NumberLong(0),
"syncingTo" : "graylog-manager2:27017",
"configVersion" : 3
},
{
"_id" : 1,
"name" : "graylog-manager2:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 169609,
"optime" : {
"ts" : Timestamp(1466772893, 13),
"t" : NumberLong(43)
},
"optimeDate" : ISODate("2016-06-24T12:54:53Z"),
"electionTime" : Timestamp(1466603303, 1),
"electionDate" : ISODate("2016-06-22T13:48:23Z"),
"configVersion" : 3,
"self" : true
},
{
"_id" : 2,
"name" : "graylog-manager3:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 169557,
"optime" : {
"ts" : Timestamp(1466772892, 9),
"t" : NumberLong(43)
},
"optimeDate" : ISODate("2016-06-24T12:54:52Z"),
"lastHeartbeat" :
ISODate("2016-06-24T12:54:52.667Z"),
"lastHeartbeatRecv" :
ISODate("2016-06-24T12:54:52.444Z"),
"pingMs" : NumberLong(0),
"syncingTo" : "graylog-manager2:27017",
"configVersion" : 3
}
],
"ok" : 1
}
> Additional i would suggest to raise the Heap for elasticseaerch to
> 31GB and for Graylog to 5GB.
>
>
> > My 2 biggest problem are:
> >
> > 1) Most of the times when i press the search button (and only the search
> > button displayed in the image)
> >
> > seems to me that my browser goes again from the login screen (to send
> again
> > the user credential) before rendering the results
>
> Can you please look into your log files of graylog when this happens
> to you - it should be possible to get an idea why this happen just by
> look at the log file during this ‘event’.
>
When the log lever is INFO nothing appears in the log during this ‘event’,
when i change to DEBUG or TRACE i really can't get the idea of what is
happening.
>
>
>
> > 2) Every now and then, i get a strange error (when mostly when using
> > firefox) from webs interface api server like the following
> > (no errors on shown in the graylog server logs)
>
> Are you sure that you read
>
> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html#overview
>
> <http://www.google.com/url?q=http%3A%2F%2Fdocs.graylog.org%2Fen%2F2.0%2Fpages%2Fconfiguration%2Fweb_interface.html%23overview&sa=D&sntz=1&usg=AFQjCNFsKM-_8kHFzHQCaT3Zt1bTCZoBdw>
>
> and set all Configurations to that?
>
> Even if you run the Web Interface only on one Node the API of all
> Nodes need to be reachable by your browser.
>
>
I believe i did
and yes the API of all Nodes is reachable from my browser.
Attaching my graylog server.conf files (i' ve set this up in CentOS
(http://docs.graylog.org/en/2.0/pages/installation/os/centos.html) if that
sound any alarms?)
just to prove my sayings
Regards
Yiannis
> regards
> Jan
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/c47bd0ee-1e09-40a5-85e4-ba7afb42a8f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
is_master = false
node_id_file = /etc/graylog/server/node-id
password_secret = xxx
root_password_sha2 =
8c36005e18sqdad19d69369bf0fc15e55a7e0990c97295d10fa86097a71b9a7b
rest_listen_uri = http://172.168.50.114:12900/
rest_transport_uri = http://172.168.50.114:12900/
rest_thread_pool_size = 16
web_enable = false
web_listen_uri = http://172.168.50.114:9000/
web_enable_gzip = true
web_thread_pool_size = 16
rotation_strategy = count
elasticsearch_max_docs_per_index = 10000000
rotation_strategy = count
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 3
elasticsearch_replicas = 1
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_cluster_name = ngraylog2
elasticsearch_node_name_prefix = Graylog3
elasticsearch_discovery_zen_ping_unicast_hosts = graylog-manager2:9300,
graylog-manager1:9300
elasticsearch_discovery_zen_ping_multicast_enabled = false
elasticsearch_network_host = 172.168.50.114
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 8
outputbuffer_processors = 6
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 9
mongodb_uri =
mongodb://graylog-manager1:27017,graylog-manager2:27017,graylog-manager3:27017/graylog2?replicaSet=replset01
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
transport_email_enabled = true
transport_email_hostname = smtp.xxx.com
transport_email_port = 25
transport_email_use_auth = false
transport_email_use_tls = false
transport_email_use_ssl = false
transport_email_subject_prefix = [ngraylog2]
transport_email_from_email = [email protected]
http_connect_timeout = 15s
http_read_timeout = 20s
http_write_timeout = 20s
ldap_connection_timeout = 20000
dashboard_widget_default_cache_time = 20s
content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json
is_master = false
node_id_file = /etc/graylog/server/node-id
password_secret = xxx
root_password_sha2 =
8c36005e18sqdad19d69369bf0fc15e55a7e0990c97295d10fa86097a71b9a7b
rest_listen_uri = http://172.168.50.113:12900
rest_transport_uri = http://172.168.50.113:12900/
rest_enable_gzip = true
rest_thread_pool_size = 16
web_enable = false
web_listen_uri = http://172.168.50.113:9000/
web_enable_gzip = true
web_thread_pool_size = 16
rotation_strategy = count
elasticsearch_max_docs_per_index = 10000000
rotation_strategy = count
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 3
elasticsearch_replicas = 1
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_cluster_name = ngraylog2
elasticsearch_node_name_prefix = Graylog2
elasticsearch_discovery_zen_ping_unicast_hosts = graylog-manager2:9300,
graylog-manager1:9300, graylog-manager3:9300
elasticsearch_discovery_zen_ping_multicast_enabled = false
elasticsearch_network_host = 172.168.50.113
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 8
outputbuffer_processors = 6
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 9
mongodb_uri =
mongodb://graylog-manager1:27017,graylog-manager2:27017,graylog-manager3:27017/graylog2?replicaSet=replset01
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
transport_email_enabled = true
transport_email_hostname = smtp.xxx.com
transport_email_port = 25
transport_email_use_auth = false
transport_email_use_tls = false
transport_email_use_ssl = false
transport_email_subject_prefix = [ngraylog2]
transport_email_from_email = [email protected]
http_connect_timeout = 15s
http_read_timeout = 20s
http_write_timeout = 20s
ldap_connection_timeout = 20000
dashboard_widget_default_cache_time = 20s
content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = xxx
root_password_sha2 =
8c36005e18sqdad19d69369bf0fc15e55a7e0990c97295d10fa86097a71b9a7b
rest_listen_uri = http://172.168.50.112:12900/
rest_transport_uri = http://172.168.50.112:12900/
rest_enable_gzip = true
rest_thread_pool_size = 16
web_listen_uri = http://172.168.50.112:9000/
web_enable_cors = true
web_enable_gzip = true
web_thread_pool_size = 16
rotation_strategy = count
elasticsearch_max_docs_per_index = 10000000
rotation_strategy = count
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 3
elasticsearch_replicas = 1
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_cluster_name = ngraylog2
elasticsearch_node_name_prefix = Graylog1
elasticsearch_discovery_zen_ping_unicast_hosts = graylog-manager2:9300,
graylog-manager1:9300 , graylog-manager3:9300
elasticsearch_discovery_zen_ping_multicast_enabled = false
elasticsearch_network_host = 172.168.50.112
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 8
outputbuffer_processors = 6
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 9
mongodb_uri =
mongodb://graylog-manager1:27017,graylog-manager2:27017,graylog-manager3:27017/graylog2?replicaSet=replset01
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
transport_email_enabled = true
transport_email_hostname = smtp.xxx.com
transport_email_port = 25
transport_email_use_auth = false
transport_email_use_tls = false
transport_email_use_ssl = false
transport_email_subject_prefix = [ngraylog2]
transport_email_from_email = [email protected]
http_connect_timeout = 15s
http_read_timeout = 20s
http_write_timeout = 20s
ldap_connection_timeout = 20000
dashboard_widget_default_cache_time = 20s
content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json
