Hi,
I am using the graylog 3.1 server and beat input for stream the logs. Logs are streaming to each stream. But the problem is its delays 30 mins and there is no real time messages are updating.
When i checked the nodes, its showing high unproccessed messages as the log volume is very high.
Graylog server and client host time zone is same.
is it possible to optimize the graylog server to handle the big size log files and get the real time update?
Yes, you can optimize the performance.
Please check the community search. There are a lot of topic about performance monitoring/optimizing.
If you have more question about the read infromation ask in the original topic. If it’s closed maybe here.
what @macko003 said…
.
But if you want specific help, then you need to provide a bit more information. hardware/vm specs, single node vs multinode, using extractors,. etc…If you’re comfortable sharing some of your server.conf file, please do so. And we’ll try to help
@macko003 @cawfehman, thank you very much for the reply,
Actually each message count per second is very high as the filebeat taking every Newline. i am trying to stream the node application logs, so we have decide to keep a delimiter on a message with same event’s and change the pattern in filebeat yml file to take the each message with these delimiter. These helps to decrease the message count/ sec’s and real time logs are streaming well now.
Thank you again…
Have a nice day…
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
