Hi there I'm still running a test instance of graylog/elasticsearch and I know I have too much data coming in for the sizing, but it is showing me problems that my understanding better now should help in the future with "real" systems :-)
Anyway, I have more incoming data via graylog-server that that elasticsearch backend can comfortably deal with - but that seems to manifest itself in an odd manner. The "throughput" stats shows figures like this Processing 475 incoming and 3,500 outgoing msg/s. 3,954,288 unprocessed messages are currently in the journal, in 52 segments. 476 messages have been appended to, and 403 messages have been read from the journal in the last second. What I don't understand is how there can be more outgoing messages than incoming. This isn't some "spike" - it's continuous. Surely if elasticsearch couldn't keep up, you'd see more incoming than outgoing? -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/56156671.1090207%40trimble.com. For more options, visit https://groups.google.com/d/optout.
