In one instance running 1.2.1 we have 3.8TB of data, which holds roughly 30 days of data. When I do a simple "*" query across the last 14 days, the ES query finishes in about 6 seconds. Notice these 14 day queries returned: Found *1,111,506,619 messages* in 5,869 ms, searched in 987 indices <https://jarden.sylint.com/search?rangetype=relative&fields=message%2Csource&width=1280&relative=1209600&q=#> . But the page took 52.01s to load
Found *1,111,516,915 messages* in 6,650 ms, searched in 987 indices <https://jarden.sylint.com/search?rangetype=relative&fields=message%2Csource&width=1280&relative=1209600&q=#> . But the page took 46.12s to load When I try to do a query for the last 30 days, I end up with timeouts (HTTP 504). We're running 3 ES nodes - r3.2xlarge (8 core, 64gb RAM, SSD EBS volumes) in AWS. I think the cluster is up to the task of doing such queries, but it seems that maybe Graylog is doing some processing of the result set that might be slow. Any pointers here? Thanks! -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/a9b5ee7f-0b3c-4887-9023-ad6323ddc3bd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
