This is all good info. Thanks for the template. I will end up using that.
How many shards are you using? Are you aliasing the nodes in any way?
I had ours at 6, but changed it to 4 (no replicas), and boy, it sped things
up by a lot.
Are you load balancing the input? Or are you just pointing it directly to
your fast nodes so they don't get rerouted by Graylog/ES?
In terms of what Jochen said, I would love documentation on:
- How can we easily apply time based aliases to graylog_x indexes.
- What does the ring_size and and all of the processbuffer stuff actually
do?
* What tweaks can one make in various scenarios to speed things up?
- Can we see easy ways to install mongodb in a multi-node setup?
* I had to make scripts for this. I bet installation is uniform across
most setups. Scripts would be helpful.
On Saturday, December 3, 2016 at 9:13:51 AM UTC-6, Dustin Tennill wrote:
>
> All,
>
> We just finished implementing
> https://www.elastic.co/blog/hot-warm-architecture
> <https://www.elastic.co/blog/hot-warm-architecture?blade=tw> for our
> Graylog environment. After weeks of troubleshooting elasticsearch
> performance issues with our budget ES nodes, the addition of a two small
> SSD nodes REALLY made a difference. Our output buffers had been filling up
> from time to time, and this appears to have resolved that issue.
>
> If anyone is interested, we will post our config information.
>
> Dustin Tennill
> EKU
>
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/b00cf169-a7c8-4db4-8c16-e9e423069cbf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
