The biggest problem with using clustered graylog with multiple nodes is how 
to balance load across them. Graylog puts traffic that it receives into a 
local buffer that is processed only by the local node, not into a global 
buffer that is processed by the next available node. Thus you'll need to 
put a load balancer in front of it. If your application is releasing logs 
via HTTP GELF, nginx is the usual solution to load balance across multiple 
nodes. If it logs via Syslog, then syslog-ng is the usual solution to load 
balance across multiple nodes (come up with a test to divide your machines 
into N pools, where N is how many Graylog nodes you have, then configure 
syslog targets that match only those nodes for a specific Graylog 

That said, it may be that graylog is not your problem but, rather, 
elasticsearch is your problem. You'll have to determine that by looking at 
your process list and figuring out what's using all the CPU.

You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To view this discussion on the web visit
For more options, visit

Reply via email to