Hi Jerri, same here! We experienced quite the same problems after upgrading from GL 1.3.4/ES 1.7.1 to GL2.1.1/ES 2.3.5. Graylog support recommended increasing output batch size (see also Bob's comment) so we increased the value from 500 to 5000. Moreover, you should set the ES-parameter index.refresh_interval to 30s (for the Graylog client nodes, you can do this in graylog2-elasticsearch.yml) since the refresh operation is expensive and the default is 1s.
In our setup, these measures improved performance massively. Subjectively however, it still appears somewhat worse than before the update. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/9da8aefa-123d-4b40-be71-811cde0c6232%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
