[graylog2] Re: use elasticsearch not only for graylog
Thanks, so my strategy is to rename put them in the same cluster, and have replica 1. so that the indices are spread to both VMs and once everything is green i can switch one of. Now: - is there a better strategy? - what happens if i rename the cluster.name from 'graylog' to something else? On Monday, January 16, 2017 at 4:48:40 PM UTC+1, Jochen Schalanda wrote: > > Hi Stefano, > > On Monday, 16 January 2017 16:20:35 UTC+1, Stefano Tranquillini wrote: >> >> Now, how bad is the idea to have just 1 elasticsearch (so stop the one in >> A and keep the one in B) for graylog and our searches? Is that a problem? >> > > If your Elasticsearch cluster can handle the load of Graylog and your own > application(s), this should be fine. Graylog will not interfere with > non-managed indices. > > > Cheers, > Jochen > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/63290a23-9773-477c-af8f-1db8a58eb657%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] use elasticsearch not only for graylog
Hi all, Question: i've a server with several VMs and one contains elastic+graylog etc (let's call it A), then I've a second VM where there's another istance of elasticsearch used for other means (we do index documents for searches there) (let's call B). Now, how bad is the idea to have just 1 elasticsearch (so stop the one in A and keep the one in B) for graylog and our searches? Is that a problem? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/2e5e81a5-87e9-47ed-a406-34ca38a1a8b6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [graylog2] Re: 30% CPU usage
I may have found (so far 1 day without the problem) the problem, i had the zencast enabled in the conf. On Tue, Jan 3, 2017 at 3:04 PM, Stefano Tranquillini < stefano.tranquill...@gmail.com> wrote: > To explain better: > i've two phisical servers on which we manage VMs > server A has 12 VMs, server B has 6 VMs. Graylog is 1 VMs on both, and > receives data from 1 VMs. same amount of memory and space. > Both graylog version are Graylog 2.1.1+01d50e5, installed pretty much the > same day. > configuration wise it the same, if there's anything in particular that I > should check out pls let me know. There's nothing special, just 1 single > input (UDP) with a JSON extractor. 8 indices retetion of 1week time. > the only thing is that the server with 30% has a slightly more traffic, > but not so much to have such a high cpu.. > > On Tue, Jan 3, 2017 at 2:52 PM, Jochen Schalanda <joc...@graylog.com> > wrote: > >> Hi Stefano, >> >> On Tuesday, 3 January 2017 14:15:23 UTC+1, Stefano Tranquillini wrote: >>> >>> any idea? it keeps replicating the behaviour and I don't get why. >>> >> >> what does "pretty much the same load and configuration" mean exactly? >> What do the logs of both Graylog nodes say? >> >> Cheers, >> Jochen >>> >>> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Graylog Users" group. >> To unsubscribe from this topic, visit https://groups.google.com/d/to >> pic/graylog2/GS5rJubNRBg/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> graylog2+unsubscr...@googlegroups.com. >> To view this discussion on the web visit https://groups.google.com/d/ms >> gid/graylog2/89cff080-be1b-446f-84b7-74db52b4fd25%40googlegroups.com >> <https://groups.google.com/d/msgid/graylog2/89cff080-be1b-446f-84b7-74db52b4fd25%40googlegroups.com?utm_medium=email_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Stefano > -- Stefano -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAPQ1%3DkAYV-8F4hbowvU1N%3DRWqCB%3D1G7T-JejaRq3gSgoZGx0%2BQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [graylog2] Re: 30% CPU usage
To explain better: i've two phisical servers on which we manage VMs server A has 12 VMs, server B has 6 VMs. Graylog is 1 VMs on both, and receives data from 1 VMs. same amount of memory and space. Both graylog version are Graylog 2.1.1+01d50e5, installed pretty much the same day. configuration wise it the same, if there's anything in particular that I should check out pls let me know. There's nothing special, just 1 single input (UDP) with a JSON extractor. 8 indices retetion of 1week time. the only thing is that the server with 30% has a slightly more traffic, but not so much to have such a high cpu.. On Tue, Jan 3, 2017 at 2:52 PM, Jochen Schalanda <joc...@graylog.com> wrote: > Hi Stefano, > > On Tuesday, 3 January 2017 14:15:23 UTC+1, Stefano Tranquillini wrote: >> >> any idea? it keeps replicating the behaviour and I don't get why. >> > > what does "pretty much the same load and configuration" mean exactly? What > do the logs of both Graylog nodes say? > > Cheers, > Jochen >> >> -- > You received this message because you are subscribed to a topic in the > Google Groups "Graylog Users" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/graylog2/GS5rJubNRBg/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > graylog2+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/graylog2/89cff080-be1b-446f-84b7-74db52b4fd25%40googlegroups.com > <https://groups.google.com/d/msgid/graylog2/89cff080-be1b-446f-84b7-74db52b4fd25%40googlegroups.com?utm_medium=email_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- Stefano -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAPQ1%3DkC047S1P9eJuz%3D%2BF3jep5n%2BWEBCjESk-djfGDWD7rqgkw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [graylog2] Re: 30% CPU usage
any idea? it keeps replicating the behaviour and I don't get why. On Wed, Dec 28, 2016 at 2:58 PM, Stefano Tranquillini < stefano.tranquill...@gmail.com> wrote: > this is what i get from the api call > > http://pastebin.com/rEnubNbk > > On Wed, Dec 28, 2016 at 12:55 PM, Jochen Schalanda <joc...@graylog.com> > wrote: > >> Hi Stefano, >> >> you could take a look at the thread dump of that Graylog instance via the >> /system/threaddump resource of the Graylog REST API or attach a profiler >> like VisualVM <https://visualvm.github.io/> to the Java process. >> >> Cheers, >> Jochen >> >> On Wednesday, 28 December 2016 12:33:21 UTC+1, Stefano Tranquillini wrote: >>> >>> Hi all, >>> I'm experienceing a strange thing with a deploymento of graylog. >>> Basically, after a while that it's started graylog keeps using 30% of the >>> CPU without any specific reason. >>> I've two system that have pretty much the same load and configuration. >>> In one graylog uses less than 5% in the other one uses 30% and I don't get >>> why. >>> >>> The ramp to 30% happens after a while and it's not immdiate. If i >>> restart it than it goes down to few % of CPU usage. >>> >>> the top returns this: >>> 532 graylog 20 0 3763212 1.251g 22296 S 25.6 16.2 1038:36 java >>> >>> How can I check why it's using CPU? >>> the log doesn't says anything useful. >>> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Graylog Users" group. >> To unsubscribe from this topic, visit https://groups.google.com/d/to >> pic/graylog2/GS5rJubNRBg/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> graylog2+unsubscr...@googlegroups.com. >> To view this discussion on the web visit https://groups.google.com/d/ms >> gid/graylog2/b41f5754-0a66-4582-a41e-601ac3f51fc0%40googlegroups.com >> <https://groups.google.com/d/msgid/graylog2/b41f5754-0a66-4582-a41e-601ac3f51fc0%40googlegroups.com?utm_medium=email_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Stefano > -- Stefano -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAPQ1%3DkC-UiFDGG48cmhL%3DHAVx%3D09LP3tFgmzw8a7RCy89u7H6A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [graylog2] Re: 30% CPU usage
this is what i get from the api call http://pastebin.com/rEnubNbk On Wed, Dec 28, 2016 at 12:55 PM, Jochen Schalanda <joc...@graylog.com> wrote: > Hi Stefano, > > you could take a look at the thread dump of that Graylog instance via the > /system/threaddump resource of the Graylog REST API or attach a profiler > like VisualVM <https://visualvm.github.io/> to the Java process. > > Cheers, > Jochen > > On Wednesday, 28 December 2016 12:33:21 UTC+1, Stefano Tranquillini wrote: >> >> Hi all, >> I'm experienceing a strange thing with a deploymento of graylog. >> Basically, after a while that it's started graylog keeps using 30% of the >> CPU without any specific reason. >> I've two system that have pretty much the same load and configuration. In >> one graylog uses less than 5% in the other one uses 30% and I don't get why. >> >> The ramp to 30% happens after a while and it's not immdiate. If i restart >> it than it goes down to few % of CPU usage. >> >> the top returns this: >> 532 graylog 20 0 3763212 1.251g 22296 S 25.6 16.2 1038:36 java >> >> How can I check why it's using CPU? >> the log doesn't says anything useful. >> > -- > You received this message because you are subscribed to a topic in the > Google Groups "Graylog Users" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/graylog2/GS5rJubNRBg/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > graylog2+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/graylog2/b41f5754-0a66-4582-a41e-601ac3f51fc0%40googlegroups.com > <https://groups.google.com/d/msgid/graylog2/b41f5754-0a66-4582-a41e-601ac3f51fc0%40googlegroups.com?utm_medium=email_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- Stefano -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAPQ1%3DkCAJrFKRrL9-Q0a8aSRp%3DD%2BoEBtg6ToSTEigLLYWdgORg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] 30% CPU usage
Hi all, I'm experienceing a strange thing with a deploymento of graylog. Basically, after a while that it's started graylog keeps using 30% of the CPU without any specific reason. I've two system that have pretty much the same load and configuration. In one graylog uses less than 5% in the other one uses 30% and I don't get why. The ramp to 30% happens after a while and it's not immdiate. If i restart it than it goes down to few % of CPU usage. the top returns this: 532 graylog 20 0 3763212 1.251g 22296 S 25.6 16.2 1038:36 java How can I check why it's using CPU? the log doesn't says anything useful. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/a2c9e8a6-79cc-4694-b1e6-9bc689191139%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
