Hi Arief, messages piling up in the Graylog journal usually means that Elasticsearch cannot keep up with indexing all the messages thrown at it.
Try providing more memory and CPU cores to the virtual machine. You can also try and tweak several Elasticsearch related settings like output_batch_size <https://github.com/Graylog2/graylog2-server/blob/2.0.3/misc/graylog.conf#L274-L279>, output_flush_interval <https://github.com/Graylog2/graylog2-server/blob/2.0.3/misc/graylog.conf#L281-L284>, and Elasticsearch's refresh_interval <https://www.elastic.co/guide/en/elasticsearch/guide/2.x/near-real-time.html#refresh-api> . Cheers, Jochen On Wednesday, 13 July 2016 08:39:11 UTC+2, Arief Hydayat wrote: > > Hi Graylog guru and users, > > I need help on how to deal with the Journal Utilization is too high? As I > mention in the previous topic, the Graylog I deploy is from OVA appliance > and currently running on version 2.0.3 with 1 cluster node. > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/74b3abc0-444e-442c-b457-d57017da55cc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
