[graylog2] Re: Graylog 2.2.0-rc.1 lags while editing inputs
Hmm, OK, I installed 2.2 rc1 from scratch and the problem seems to be gone. So I guess it has something to do with the upgrade from 2.1.3 to 2.2 rc1.

On Wednesday, 8 February 2017 13:22:37 UTC+1, Ha NN wrote:
> JVM:
>
> GRAYLOG_SERVER_JAVA_OPTS="-Xms4g -Xmx4g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow"
>
> Graylog only stuff which is used:
> elasticsearch_shards = 4
> elasticsearch_replicas = 0
> elasticsearch_index_prefix = graylog
> allow_leading_wildcard_searches = false
> allow_highlighting = false
> elasticsearch_cluster_name = graylog
> elasticsearch_analyzer = standard
> output_batch_size = 2000
> output_flush_interval = 1
> output_fault_count_threshold = 5
> output_fault_penalty_seconds = 30
> processbuffer_processors = 10
> outputbuffer_processors = 5
> processor_wait_strategy = blocking
> ring_size = 16384
> inputbuffer_ring_size = 16384
> inputbuffer_processors = 2
> inputbuffer_wait_strategy = blocking
> message_journal_enabled = true
> message_journal_dir = /var/lib/graylog-server/journal
> lb_recognition_period_seconds = 3
> mongodb_uri = mongodb://localhost/graylog2
> mongodb_max_connections = 1000
> mongodb_threads_allowed_to_block_multiplier = 5
> content_packs_dir = /usr/share/graylog-server/contentpacks
> content_packs_auto_load = grok-patterns.json

--
You received this message because you are subscribed to the Google Groups "Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com.
To vi
[graylog2] Re: Graylog 2.2.0-rc.1 lags while editing inputs
JVM:

GRAYLOG_SERVER_JAVA_OPTS="-Xms4g -Xmx4g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow"

Graylog only stuff which is used:
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_cluster_name = graylog
elasticsearch_analyzer = standard
output_batch_size = 2000
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 10
outputbuffer_processors = 5
processor_wait_strategy = blocking
ring_size = 16384
inputbuffer_ring_size = 16384
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://localhost/graylog2
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json

On Wednesday, 8 February 2017 12:56:36 UTC+1, Jochen Schalanda wrote:
> Hi,
>
> this is the start command for Elasticsearch, not Graylog.
>
> Please post the configuration of Graylog and the JVM settings for Graylog (see http://docs.graylog.org/en/2.1/pages/configuration/file_location.html for where to find them).
>
> Cheers,
> Jochen
[graylog2] Re: Graylog 2.2.0-rc.1 lags while editing inputs
Hi,

this is the start command for Elasticsearch, not Graylog.

Please post the configuration of Graylog and the JVM settings for Graylog (see http://docs.graylog.org/en/2.1/pages/configuration/file_location.html for where to find them).

Cheers,
Jochen

On Wednesday, 8 February 2017 12:14:41 UTC+1, Ha NN wrote:
> It has 8 cores, 32GB ram
>
> JVM:
> /usr/bin/java -Xms18g -Xmx18g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -XX:+DisableExplicitGC -Dfile.encoding=UTF-8 -Djna.nosys=true -Des.path.home=/usr/share/elasticsearch -cp /usr/share/elasticsearch/lib/elasticsearch-2.4.4.jar:/usr/share/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch start -Des.pidfile=/var/run/elasticsearch/elasticsearch.pid -Des.default.path.home=/usr/share/elasticsearch -Des.default.path.logs=/var/log/elasticsearch -Des.default.path.data=/var/lib/elasticsearch -Des.default.path.conf=/etc/elasticsearch
[graylog2] Re: Graylog 2.2.0-rc.1 lags while editing inputs
It has 8 cores, 32GB ram

JVM:
/usr/bin/java -Xms18g -Xmx18g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -XX:+DisableExplicitGC -Dfile.encoding=UTF-8 -Djna.nosys=true -Des.path.home=/usr/share/elasticsearch -cp /usr/share/elasticsearch/lib/elasticsearch-2.4.4.jar:/usr/share/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch start -Des.pidfile=/var/run/elasticsearch/elasticsearch.pid -Des.default.path.home=/usr/share/elasticsearch -Des.default.path.logs=/var/log/elasticsearch -Des.default.path.data=/var/lib/elasticsearch -Des.default.path.conf=/etc/elasticsearch

On Wednesday, 8 February 2017 11:54:59 UTC+1, Jochen Schalanda wrote:
> Hi,
>
> there are quite long GC pauses mentioned in your logs.
>
> What are the hardware specs of the machine(s) running Graylog and how did you configure Graylog (also how are the JVM settings)?
>
> Cheers,
> Jochen
[graylog2] Re: Graylog 2.2.0-rc.1 lags while editing inputs
Hi,

there are quite long GC pauses mentioned in your logs.

What are the hardware specs of the machine(s) running Graylog and how did you configure Graylog (also how are the JVM settings)?

Cheers,
Jochen

On Wednesday, 8 February 2017 11:43:27 UTC+1, Ha NN wrote:
> Hi,
>
> I am testing Graylog 2.2.0-rc.1 with a GELF UDP input plugin. I send logs with rsyslog into it. I created some grok pattern extractors, mostly those ones: ID=%{DATA:id}
>
> Once created and you want to edit them, it takes a very long time to load the edit page, and it seems Graylog stops processing messages, as you will see the messages in/out counter at the top go down to 0.
>
> I also noticed that for some messages the extractors do not apply but they should.
>
> I have a one node setup. I use multiple indices for different streams (what a great feature!!!)
>
> You will find the following in the log:
>
> 2017-02-08T11:11:59.376+01:00 WARN [NodePingThread] Did not find meta info of this node. Re-registering.
> 2017-02-08T11:12:02.265+01:00 INFO [jvm] [graylog-192b57c1-d456-4817-acff-d460547e7775] [gc][young][172980][17325] duration [725ms], collections [1]/[2.8s], total [725ms]/[7m], memory [1.7gb]->[1.1gb]/[3.8gb], all_pools {[young] [853.1mb]->[204mb]/[1.6gb]}{[survivor] [13.7mb]->[42.2mb]/[204.7mb]}{[old] [943.2mb]->[943.7mb]/[2gb]}
> 2017-02-08T11:14:27.066+01:00 INFO [ExtractorsResource] Updated extractor <7e13da31-ed47-11e6-a18b-b083fec76da6> of type [grok] in input <58949a5f6c6c8c6b200a1b3b>.
> 2017-02-08T11:16:28.641+01:00 WARN [NodePingThread] Did not find meta info of this node. Re-registering.
> 2017-02-08T11:17:15.605+01:00 INFO [ExtractorsResource] Updated extractor <3c954090-ea26-11e6-95c6-b083fec76da6> of type [grok] in input <58949a5f6c6c8c6b200a1b3b>.
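
The `[jvm]` line in the log excerpt above is what the reply about long GC pauses refers to. The following is an added example, not part of the thread and not Graylog or Elasticsearch code: a small Python parser that extracts the pause length, the share of the monitoring window spent in GC, and the old-generation fill level from such lines. The reading of `collections [n]/[window]`, the 500 ms threshold, and the two sample lines marked as constructed are assumptions made for illustration.

```python
import re

# First [jvm] line is copied from the thread; the other two are constructed.
SAMPLE_LOG = """\
2017-02-08T11:11:59.376+01:00 WARN [NodePingThread] Did not find meta info of this node. Re-registering.
2017-02-08T11:12:02.265+01:00 INFO [jvm] [graylog-192b57c1-d456-4817-acff-d460547e7775] [gc][young][172980][17325] duration [725ms], collections [1]/[2.8s], total [725ms]/[7m], memory [1.7gb]->[1.1gb]/[3.8gb], all_pools {[young] [853.1mb]->[204mb]/[1.6gb]}{[survivor] [13.7mb]->[42.2mb]/[204.7mb]}{[old] [943.2mb]->[943.7mb]/[2gb]}
2017-02-08T11:13:10.100+01:00 DEBUG [jvm] [graylog-constructed] [gc][young][173040][17326] duration [420ms], collections [1]/[1s], total [420ms]/[7m], memory [1.9gb]->[1.2gb]/[3.8gb], all_pools {[young] [900mb]->[150mb]/[1.6gb]}{[survivor] [42.2mb]->[60mb]/[204.7mb]}{[old] [943.7mb]->[1gb]/[2gb]}
2017-02-08T11:14:30.500+01:00 WARN [jvm] [graylog-constructed] [gc][old][173120][12] duration [1.2s], collections [1]/[1.9s], total [1.2s]/[1.4m], memory [3.6gb]->[1gb]/[3.8gb], all_pools {[young] [1.5gb]->[0b]/[1.6gb]}{[survivor] [100mb]->[0b]/[204.7mb]}{[old] [2gb]->[1gb]/[2gb]}
"""

TIME_MS = {"ms": 1.0, "s": 1e3, "m": 6e4, "h": 3.6e6}
SIZE_B = {"b": 1, "kb": 2**10, "mb": 2**20, "gb": 2**30}

GC_LINE = re.compile(
    r"^(?P<ts>\S+) \w+\s+\[jvm\] .*?\[gc\]\[(?P<gen>\w+)\]\[\d+\]\[\d+\] "
    r"duration \[(?P<dur>[^\]]+)\], collections \[\d+\]/\[(?P<win>[^\]]+)\], "
    r".*?memory \[(?P<before>[^\]]+)\]->\[(?P<after>[^\]]+)\]/\[[^\]]+\]"
    r".*?\{\[old\] \[[^\]]+\]->\[(?P<old_after>[^\]]+)\]/\[(?P<old_max>[^\]]+)\]\}"
)

def _value(text, units):
    """Convert '725ms' or '1.7gb' to a float in base units (ms or bytes)."""
    number, unit = re.fullmatch(r"([\d.]+)([a-z]+)", text).groups()
    return float(number) * units[unit]

def parse_gc_events(log_text):
    """Return one dict per [jvm] GC line; all other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = GC_LINE.match(line)
        if not m:
            continue
        pause = _value(m["dur"], TIME_MS)
        # Assumption: "collections [n]/[window]" is n collections in the
        # monitoring window, so pause/window is the share of time spent in GC.
        window = _value(m["win"], TIME_MS)
        freed = _value(m["before"], SIZE_B) - _value(m["after"], SIZE_B)
        events.append({
            "ts": m["ts"], "gen": m["gen"], "pause_ms": pause,
            "pause_share": round(pause / window, 3),
            "freed_mb": round(freed / 2**20, 1),
            "old_fill": round(_value(m["old_after"], SIZE_B)
                              / _value(m["old_max"], SIZE_B), 3),
        })
    return events

def long_pauses(events, threshold_ms=500):
    """Events whose reported GC duration meets the (assumed) threshold."""
    return [e for e in events if e["pause_ms"] >= threshold_ms]

if __name__ == "__main__":
    for e in long_pauses(parse_gc_events(SAMPLE_LOG)):
        print(e)
```

For the line posted in the thread, the collector accounts for roughly a quarter of the 2.8 s window, which is consistent with the message counters dropping while the edit page loads.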