The biggest problem with using clustered graylog with multiple nodes is how
to balance load across them. Graylog puts traffic that it receives into a
local buffer that is processed only by the local node, not into a global
buffer that is processed by the next available node. Thus you'll need to
put a load balancer in front of it. If your application is releasing logs
via HTTP GELF, nginx is the usual solution to load balance across multiple
nodes. If it logs via Syslog, then syslog-ng is the usual solution to load
balance across multiple nodes (come up with a test to divide your machines
into N pools, where N is how many Graylog nodes you have, then configure
syslog targets that match only those nodes for a specific Graylog
That said, it may be that graylog is not your problem but, rather,
elasticsearch is your problem. You'll have to determine that by looking at
your process list and figuring out what's using all the CPU.
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.