Hi, from your screenshot it seems pretty clear that Elasticsearch can't index messages at the same rate that they are ingested and processed by Graylog.

On Tuesday, 27 September 2016 17:57:16 UTC+2, [email protected] wrote:
> So process is when message is actually parsed and output is when
> sent to ES for indexing?

Yes. The process and output buffers filling is basically back pressure from Elasticsearch.

Cheers,
Jochen
