Let me start by asking your pardon for my lacking Linux skillset.
The problem I'm having is that the /dev/mapper/vg_template2-lv_root disk gets
to 100% and then everything stops. I can't find anything on how to
forcefully rotate the logs and thus effectively clean up the database, as
once the database crashes, everything else does too; therefore, I have to
restore the base VM and rebuild from scratch. From what I've noticed, the
logs can only be rotated by the application; however, the app won't run with
0 disk available. Is there a way to forcefully delete old log files so I
can keep the app running? Is there (or can it be added) the ability within
the application (for those Linux-impaired) to forcefully purge log entries
with "dates older than"...or even something like a self-tuning mechanism
based upon % remaining disk forcing a "purge event" of, say, the last 25% of
the log entries? ANYTHING that keeps me from having to restore the base VM
and start over is a plus in my book.
Any and all head slaps welcome.
DF shows the following:
Filesystem                       1K-blocks     Used Available Use% Mounted on
/dev/mapper/vg_template2-lv_root  51475068 32290808  16562820  67% /
tmpfs                              1962312        0   1962312   0% /dev/shm
/dev/sda1                           487652    90873    371179  20% /boot
/dev/mapper/vg_template2-lv_home 150178044    60864 142481828   1% /home
Here are the NON Default settings of the server.conf that I'm using (<==
are comments):
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = blanked
root_password_sha2 = blanked
root_timezone = UTC <== annoying that I can't simply set this to CDT
plugin_dir = /usr/share/graylog-server/plugin
rest_listen_uri = http://127.0.0.1:12900/
elasticsearch_config_file = /etc/elasticsearch/elasticsearch.yml
rotation_strategy = size
elasticsearch_max_docs_per_index = 100 <== guessed as I have nothing
to base this number upon
elasticsearch_max_size_per_index = 536870912 <== 1G kept me at 100%...got
frustrated rebuilding the VM...now at 50%...watch and wait, but again this
is also a guess
elasticsearch_max_number_of_indices = 5
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog2
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_cluster_name = testme
elasticsearch_node_name = graylog120testupgrade.blanked
elasticsearch_network_host = 10.71.0.57
elasticsearch_network_bind_host = 10.71.0.57
elasticsearch_network_publish_host = 10.71.0.57
elasticsearch_analyzer = standard
output_batch_size = 25 <== guessed
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 1024 <== guessed
inputbuffer_ring_size = 1024 <== guessed
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
dead_letters_enabled = false
lb_recognition_period_seconds = 3
mongodb://127.0.0.1:27017/graylog2
mongodb_uri = mongodb://127.0.0.1:27017/graylog2
mongodb_max_connections = 100 <== guessed
mongodb_threads_allowed_to_block_multiplier = 5 <== guessed
transport_email_enabled = true
transport_email_hostname = blanked
transport_email_port = 25
transport_email_use_auth = false
transport_email_use_tls = false
transport_email_use_ssl = false
transport_email_from_email = noc-TESTME@blanked
transport_email_web_interface_url = http://10.71.0.57:9000
gc_warning_threshold = 2s
Kindest regards,
ME