The biggest problem with using clustered Graylog with multiple nodes is how to balance load across them. Graylog puts traffic that it receives into a local buffer that is processed only by the local node, not into a global buffer that is processed by the next available node. Thus you'll need to put a load balancer in front of it. If your application is releasing logs via HTTP GELF, nginx is the usual solution to load balance across multiple nodes. If it logs via Syslog, then syslog-ng is the usual solution to load balance across multiple nodes (come up with a test to divide your machines into N pools, where N is how many Graylog nodes you have, then configure syslog targets that match only those nodes for a specific Graylog destination).
That said, it may be that Graylog is not your problem but, rather, Elasticsearch is your problem. You'll have to determine that by looking at your process list and figuring out what's using all the CPU.
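
The pool split described in the message above, sketched as a syslog-ng relay configuration. This is an added example, not part of the original message; the version line, hostnames, subnets, ports and the choice of source subnet as the "test" are all assumptions, with N = 3 Graylog nodes.

```conf
# Set to the syslog-ng version actually installed (assumed value).
@version: 3.38

# Relay listens for syslog from the application hosts.
source s_clients {
    network(ip("0.0.0.0") port(514) transport("udp"));
    network(ip("0.0.0.0") port(514) transport("tcp"));
};

# The "test": assign each sender to one of three pools by source subnet.
# Constructed ranges; pick a split that spreads your real log volume evenly.
filter f_pool1 { netmask("10.20.1.0/24"); };
filter f_pool2 { netmask("10.20.2.0/24"); };
filter f_pool3 { netmask("10.20.3.0/24"); };

# One destination per Graylog node (hypothetical hostnames; 1514 is an
# assumed port for a Graylog Syslog TCP input).
destination d_graylog1 { network("graylog1.example.internal" port(1514) transport("tcp")); };
destination d_graylog2 { network("graylog2.example.internal" port(1514) transport("tcp")); };
destination d_graylog3 { network("graylog3.example.internal" port(1514) transport("tcp")); };

# Each pool is forwarded to exactly one node; final stops further matching.
log { source(s_clients); filter(f_pool1); destination(d_graylog1); flags(final); };
log { source(s_clients); filter(f_pool2); destination(d_graylog2); flags(final); };
log { source(s_clients); filter(f_pool3); destination(d_graylog3); flags(final); };

# Senders that match no pool are still delivered, so a new subnet does not
# silently disappear from the log pipeline.
log { source(s_clients); destination(d_graylog1); flags(fallback); };
```

Because the split is static, a node outage stops delivery for its whole pool until the mapping is changed, so the per-node input rates in Graylog are worth monitoring after deployment.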
