Hi,

You could reconfigure elasticsearch for a start:

try changing this: 

index.refresh_interval: 5s
Or even use a value of 30 sec; this improves the throughput of elastic.

On CentOS 6, in /etc/sysconfig/elasticsearch:

  ES_HEAP_SIZE=8g (/etc/init.d/elasticsearch) < set it to 50% of your memory.


Good luck.


On Wednesday, January 13, 2016 at 2:11:04 PM UTC+1, roberto...@gmail.com 
wrote:
>
> Dear, I have Graylog 1.2 with just one Elasticsearch node. I receive lots 
> of logs from different devices. After a pair of hours, I often notice that 
> incoming messages are higher than outgoing messages, and so the journal is 
> filled and the message processing mechanism stops, and I have to delete 
> messages from journal manually.
>
> This is a sample verbose message from the Nodes of Graylog:
>
> Processing *1,126* incoming and *500* outgoing msg/s. *130,739 unprocessed 
> messages* are currently in the journal, in 1 segments. *857 messages* have 
> been appended to, and *857 messages* have been read from the journal in 
> the last second.
>
> Is there any way to process more messages and have higher outgoing 
> messages? Or any other way to avoid the filling of the journal?
>
> Thanks a lot,
>
> Roberto
>
