Hi Roberto,

there's something wrong with your Elasticsearch cluster (see http://docs.graylog.org/en/1.3/pages/configuring_es.html#cluster-status-explained for an explanation of the different Cluster Health States) which prevents Graylog from indexing more log messages.

Check the logs of your Elasticsearch nodes (e.g. in /var/log/elasticsearch) for errors. Very often, Elasticsearch simply ran out of disk space.

Cheers,
Jochen

On Tuesday, 16 February 2016 15:46:26 UTC+1, roberto...@gmail.com wrote:
> Dear, I have Graylog 1.2 but right now I have a lot of incoming messages
> but no outgoing messages at all, so my journal space is increasing a lot:
>
> *Processing 1500 incoming and 0 outgoing msg/s. 1,877,835 unprocessed
> messages*
>
> I can see just this error or warning:
>
> *Elasticsearch cluster is red.* Shards: 92 active, 0 initializing, 0
> relocating, 4 unassigned
>
> What can be the problem? How can I get outgoing messages again?
>
> Thanks a lot,
>
> Roberto
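
The checks suggested in the reply above, sketched as an added example that is not part of the original thread or of Graylog's own tooling: helpers that pick the unassigned shards out of `_cat/shards` output, tell whether any of them is a primary, and flag full filesystems from `df -P`. The `ES_URL` and `ES_DATA` values, the 85% threshold and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example: triage helpers for a red Elasticsearch cluster behind Graylog.
# ES_URL and ES_DATA are assumptions; set them to your node's address and data path.
ES_URL="${ES_URL:-http://127.0.0.1:9200}"
ES_DATA="${ES_DATA:-/var/lib/elasticsearch}"

# stdin: _cat/shards output. Prints "index shard p|r" for each unassigned shard.
unassigned_shards() {
  awk '$4 == "UNASSIGNED" { print $1, $2, $3 }'
}

# stdin: _cat/shards output. An unassigned primary makes the cluster red;
# unassigned replicas alone make it yellow.
health_from_shards() {
  awk '$4 == "UNASSIGNED" { if ($3 == "p") red = 1; else yellow = 1 }
       END { print (red ? "red" : (yellow ? "yellow" : "green")) }'
}

# stdin: `df -P` output. Prints mount points whose use% is >= $1.
full_mounts() {
  awk -v limit="$1" 'NR > 1 { use = $5; sub(/%/, "", use)
                              if (use + 0 >= limit) print $6 }'
}

# Constructed sample data (index names, sizes and hosts are made up).
SAMPLE_SHARDS='graylog2_20 0 p STARTED 5120331 2.4gb 10.0.0.5 es-node-1
graylog2_20 0 r STARTED 5120331 2.4gb 10.0.0.6 es-node-2
graylog2_21 0 p UNASSIGNED
graylog2_21 0 r UNASSIGNED
graylog2_22 0 p UNASSIGNED
graylog2_22 0 r UNASSIGNED'
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/sda1 41152736 12345678 26700000 32% /
/dev/sdb1 103081248 103081248 0 100% /var/lib/elasticsearch'

# Run against a live node: health, unassigned shards, disk, recent log errors.
triage_live() {
  curl -s "$ES_URL/_cluster/health?pretty"
  curl -s "$ES_URL/_cat/shards" | unassigned_shards
  df -P "$ES_DATA" | full_mounts 85   # 85% is this example's threshold
  grep -hE 'ERROR|WARN' /var/log/elasticsearch/*.log | tail -n 20
}
```

Sourcing the file and calling `triage_live` on an Elasticsearch node runs the same checks against the real cluster; the sample variables only exercise the parsers offline.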