Ok that is quite clear! Now I'll have to figure out why that bottleneck is happening. I doubt I can see the metrics later then 15 mins so that will be challenging! I'm currently moving the VM to SSDs which can't hurt but I doubt it'll solve the problem.
On Tuesday, 27 September 2016 12:16:47 UTC-4, Jochen Schalanda wrote: > > Hi, > > from your screenshot it seems pretty clear that Elasticsearch can't index > messages at the same rate that they are ingested and processed by Graylog. > > > On Tuesday, 27 September 2016 17:57:16 UTC+2, [email protected] wrote: >> >> So process is when be when message is actually parsed and output is when >> sent to ES for indexing? >> > > Yes. The process and output buffers filling is basically back pressure > from Elasticsearch. > > > Cheers, > Jochen > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/28244bac-8d87-40ae-a5ec-1eb48bb91087%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
