Hi Jan,
thanks for the reply.
The setup is really straightforward and I never thought that I would have 
difficulties, but...
Please find my answers in blue.



On Friday, June 24, 2016 at 10:42:21 AM UTC+2, Jan Doberstein wrote:
>
> Hej Yiannis, 
>
>
>
> On 24. Juni 2016 at 01:18:39, Yiannis (ka...@stoiximan.gr) wrote: 
> > I've installed and configured a 3 node graylog (2.0.3) "cluster". On 3 
> > R610 (16 cores total) servers with 72GB of RAM (Every node has 
> > installed mongo, elastic and graylog) 
>
> I guess you have set in one graylog.conf *is_master = true* and on two 
> others *is_master = false*. Additionally, I guess you have set up a 
> replica set for your mongodb ( 
> https://docs.mongodb.com/manual/reference/replica-configuration/ ) and 
> that you are using the same cluster.name in your elasticsearch 
> configuration. 
>
>
Yes, I've got the first server as is_master = true and the other two as 
is_master = false.

These are my starting parameters for all graylog servers:
GRAYLOG_SERVER_JAVA_OPTS="-Xms8g -Xmx8g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow"

And the heap size of all elastic nodes is set to 28 GB:
ES_HEAP_SIZE=28g

My elastic cluster seems pretty fine 

curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
{
  "cluster_name" : "ngraylog2",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 6,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 44,
  "active_shards" : 88,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}



Also the mongo replicas seem fine:

rs.status()
{
        "set" : "replset01",
        "date" : ISODate("2016-06-24T12:54:53.961Z"),
        "myState" : 1,
        "term" : NumberLong(43),
        "heartbeatIntervalMillis" : NumberLong(2000),
        "members" : [
                {
                        "_id" : 0,
                        "name" : "graylog-manager1:27017",
                        "health" : 1,
                        "state" : 2,
                        "stateStr" : "SECONDARY",
                        "uptime" : 169601,
                        "optime" : {
                                "ts" : Timestamp(1466772892, 9),
                                "t" : NumberLong(43)
                        },
                        "optimeDate" : ISODate("2016-06-24T12:54:52Z"),
                        "lastHeartbeat" : ISODate("2016-06-24T12:54:52.681Z"),
                        "lastHeartbeatRecv" : ISODate("2016-06-24T12:54:52.976Z"),
                        "pingMs" : NumberLong(0),
                        "syncingTo" : "graylog-manager2:27017",
                        "configVersion" : 3
                },
                {
                        "_id" : 1,
                        "name" : "graylog-manager2:27017",
                        "health" : 1,
                        "state" : 1,
                        "stateStr" : "PRIMARY",
                        "uptime" : 169609,
                        "optime" : {
                                "ts" : Timestamp(1466772893, 13),
                                "t" : NumberLong(43)
                        },
                        "optimeDate" : ISODate("2016-06-24T12:54:53Z"),
                        "electionTime" : Timestamp(1466603303, 1),
                        "electionDate" : ISODate("2016-06-22T13:48:23Z"),
                        "configVersion" : 3,
                        "self" : true
                },
                {
                        "_id" : 2,
                        "name" : "graylog-manager3:27017",
                        "health" : 1,
                        "state" : 2,
                        "stateStr" : "SECONDARY",
                        "uptime" : 169557,
                        "optime" : {
                                "ts" : Timestamp(1466772892, 9),
                                "t" : NumberLong(43)
                        },
                        "optimeDate" : ISODate("2016-06-24T12:54:52Z"),
                        "lastHeartbeat" : ISODate("2016-06-24T12:54:52.667Z"),
                        "lastHeartbeatRecv" : ISODate("2016-06-24T12:54:52.444Z"),
                        "pingMs" : NumberLong(0),
                        "syncingTo" : "graylog-manager2:27017",
                        "configVersion" : 3
                }
        ],
        "ok" : 1
}


 

> Additionally, I would suggest raising the heap for elasticsearch to 
> 31GB and for Graylog to 5GB. 
>
>
> > My 2 biggest problem are: 
> > 
> > 1) Most of the time when I press the search button (and only the search 
> > button displayed in the image) 
> > 
> > it seems to me that my browser goes again from the login screen (to send 
> > again the user credential) before rendering the results 
>
> Can you please look into your log files of graylog when this happens 
> to you - it should be possible to get an idea why this happens just by 
> looking at the log file during this ‘event’. 
>

When the log level is INFO, nothing appears in the log during this ‘event’;
when I change to DEBUG or TRACE, I really can't get the idea of what is 
happening.
 

>
>
>
> > 2) Every now and then, I get a strange error (mostly when using 
> > Firefox) from the web interface API server like the following 
> > (no errors are shown in the graylog server logs) 
>
> Are you sure that you read 
>
> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html#overview
>  
> and set all Configurations to that? 
>
> Even if you run the Web Interface only on one Node, the API of all 
> Nodes needs to be reachable by your browser. 
>
>
I believe I did,
and yes, the API of all nodes is reachable from my browser. 
 
Attaching my graylog server.conf files (I've set this up on CentOS 
(http://docs.graylog.org/en/2.0/pages/installation/os/centos.html), if that 
sounds any alarms?)
just to prove what I said.

Regards
Yiannis


> regards 
> Jan 
>

is_master = false
node_id_file = /etc/graylog/server/node-id
password_secret = xxx
root_password_sha2 = 8c36005e18sqdad19d69369bf0fc15e55a7e0990c97295d10fa86097a71b9a7b
rest_listen_uri = http://172.168.50.114:12900/
rest_transport_uri = http://172.168.50.114:12900/
rest_thread_pool_size = 16
web_enable = false
web_listen_uri = http://172.168.50.114:9000/
web_enable_gzip = true
web_thread_pool_size = 16
rotation_strategy = count
elasticsearch_max_docs_per_index = 10000000
rotation_strategy = count
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 3
elasticsearch_replicas = 1
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_cluster_name = ngraylog2
elasticsearch_node_name_prefix = Graylog3
elasticsearch_discovery_zen_ping_unicast_hosts = graylog-manager2:9300, graylog-manager1:9300
elasticsearch_discovery_zen_ping_multicast_enabled = false
elasticsearch_network_host = 172.168.50.114
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 8
outputbuffer_processors = 6
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 9
mongodb_uri = mongodb://graylog-manager1:27017,graylog-manager2:27017,graylog-manager3:27017/graylog2?replicaSet=replset01
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
transport_email_enabled = true
transport_email_hostname = smtp.xxx.com
transport_email_port = 25
transport_email_use_auth = false
transport_email_use_tls = false
transport_email_use_ssl = false
transport_email_subject_prefix = [ngraylog2]
transport_email_from_email = grayl...@xxx.com
http_connect_timeout = 15s
http_read_timeout = 20s
http_write_timeout = 20s
ldap_connection_timeout = 20000
dashboard_widget_default_cache_time = 20s
content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json
is_master = false
node_id_file = /etc/graylog/server/node-id
password_secret = xxx
root_password_sha2 = 8c36005e18sqdad19d69369bf0fc15e55a7e0990c97295d10fa86097a71b9a7b
rest_listen_uri = http://172.168.50.113:12900
rest_transport_uri = http://172.168.50.113:12900/
rest_enable_gzip = true
rest_thread_pool_size = 16
web_enable = false
web_listen_uri = http://172.168.50.113:9000/
web_enable_gzip = true
web_thread_pool_size = 16
rotation_strategy = count
elasticsearch_max_docs_per_index = 10000000
rotation_strategy = count
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 3
elasticsearch_replicas = 1
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_cluster_name = ngraylog2
elasticsearch_node_name_prefix = Graylog2
elasticsearch_discovery_zen_ping_unicast_hosts = graylog-manager2:9300, graylog-manager1:9300, graylog-manager3:9300
elasticsearch_discovery_zen_ping_multicast_enabled = false
elasticsearch_network_host = 172.168.50.113
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 8
outputbuffer_processors = 6
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 9
mongodb_uri = mongodb://graylog-manager1:27017,graylog-manager2:27017,graylog-manager3:27017/graylog2?replicaSet=replset01
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
transport_email_enabled = true
transport_email_hostname = smtp.xxx.com
transport_email_port = 25
transport_email_use_auth = false
transport_email_use_tls = false
transport_email_use_ssl = false
transport_email_subject_prefix = [ngraylog2]
transport_email_from_email = grayl...@xxx.com
http_connect_timeout = 15s
http_read_timeout = 20s
http_write_timeout = 20s
ldap_connection_timeout = 20000
dashboard_widget_default_cache_time = 20s
content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = xxx
root_password_sha2 = 8c36005e18sqdad19d69369bf0fc15e55a7e0990c97295d10fa86097a71b9a7b
rest_listen_uri = http://172.168.50.112:12900/
rest_transport_uri = http://172.168.50.112:12900/
rest_enable_gzip = true
rest_thread_pool_size = 16
web_listen_uri = http://172.168.50.112:9000/
web_enable_cors = true
web_enable_gzip = true
web_thread_pool_size = 16
rotation_strategy = count
elasticsearch_max_docs_per_index = 10000000
rotation_strategy = count
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 3
elasticsearch_replicas = 1
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_cluster_name = ngraylog2
elasticsearch_node_name_prefix = Graylog1
elasticsearch_discovery_zen_ping_unicast_hosts = graylog-manager2:9300, graylog-manager1:9300 , graylog-manager3:9300
elasticsearch_discovery_zen_ping_multicast_enabled = false
elasticsearch_network_host = 172.168.50.112
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 8
outputbuffer_processors = 6
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 9
mongodb_uri = mongodb://graylog-manager1:27017,graylog-manager2:27017,graylog-manager3:27017/graylog2?replicaSet=replset01
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
transport_email_enabled = true
transport_email_hostname = smtp.xxx.com
transport_email_port = 25
transport_email_use_auth = false
transport_email_use_tls = false
transport_email_use_ssl = false
transport_email_subject_prefix = [ngraylog2]
transport_email_from_email = grayl...@xxx.com
http_connect_timeout = 15s
http_read_timeout = 20s
http_write_timeout = 20s
ldap_connection_timeout = 20000
dashboard_widget_default_cache_time = 20s
content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json
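
Per-node server.conf files like the three attached above can be compared mechanically rather than by eye. The following is an added example, not part of the original message or of Graylog: it parses such files (re-joining values wrapped by the mail archive) and lists settings that differ or are missing between nodes, plus keys defined twice. The `PER_NODE` set and the `SAMPLE` excerpts are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption of this example: keys that legitimately differ from node to node.
PER_NODE = {"is_master", "rest_listen_uri", "rest_transport_uri", "web_listen_uri",
            "elasticsearch_node_name_prefix", "elasticsearch_network_host"}
# Constructed excerpts modelled on the attachments; some values are wrapped as in the mail.
SAMPLE = {
    "node1": """is_master = true
rest_enable_gzip = true
rotation_strategy = count
rotation_strategy = count
elasticsearch_discovery_zen_ping_unicast_hosts = graylog-manager2:9300,
graylog-manager1:9300 , graylog-manager3:9300""",
    "node2": """is_master = false
rest_enable_gzip = true
rotation_strategy = count
elasticsearch_discovery_zen_ping_unicast_hosts = graylog-manager2:9300, graylog-manager1:9300, graylog-manager3:9300""",
    "node3": """is_master = false
rotation_strategy = count
elasticsearch_discovery_zen_ping_unicast_hosts = graylog-manager2:9300,
graylog-manager1:9300""",
}

def parse_conf(text):
    """Return (settings, duplicated keys); a line without 'key =' continues the previous value."""
    settings, seen, last = {}, Counter(), None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        if m:
            last = m.group(1)
            seen[last] += 1
            settings[last] = m.group(2)
        elif last is not None and not line.startswith("#"):
            settings[last] = (settings[last] + " " + line).strip()
    return settings, sorted(k for k, n in seen.items() if n > 1)

def drift(nodes):
    """Map each key whose value differs (or is missing) across nodes to its per-node values.
    Comma-separated lists are compared as sets, so order and spacing are not drift."""
    parsed = {name: parse_conf(text)[0] for name, text in nodes.items()}
    report = {}
    for key in sorted(set().union(*parsed.values())):
        vals = {name: conf.get(key) for name, conf in parsed.items()}
        if key in PER_NODE and None not in vals.values():
            continue  # expected to differ per node
        forms = {v and frozenset(p.strip() for p in v.split(",")) for v in vals.values()}
        if len(forms) > 1:
            report[key] = vals
    return report
```

On the constructed sample, `drift(SAMPLE)` reports the unicast host list and `rest_enable_gzip`, and `parse_conf(SAMPLE["node1"])[1]` reports `rotation_strategy` as defined twice.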
