Hello,
If so, could you show the compose.yaml file? It might help.
Normally, when the buffers are getting full, it could mean a couple of things.
1. Bad regex, grok pattern, or pipeline.
2. Not enough resources for your buffers. This would be in your graylog.conf file. You can use "locate graylog.config" to find where it's at.
3. Last, Elasticsearch cannot connect with Graylog to index those files in the journal.
4. Your JVM heap is too low.
Just a suggestion, that is if you have the resources.
If you have this
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
then try this
- "ES_JAVA_OPTS=-Xms2048m -Xmx2048m"
NOTE: Confirm that Elasticsearch is working “green” and that Graylog/ES is connected; when the journal fills up, Elastic might go into read mode. Your best bet is to pause the input or the logs coming in before more issues arise, and dig through the log files. In your case…
root # docker ps
root # docker logs -f <container_id>
To help you further, please take a look here
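
Added example, not part of the original post: a small shell check that reads the `ES_JAVA_OPTS` line from a compose file and reports whether the Elasticsearch heap is below a threshold or has unequal `-Xms`/`-Xmx` values. The function names, the sample compose content and the 2048 MB default (taken from the value suggested above) are assumptions made for this illustration.

```bash
#!/bin/sh
# Convert a JVM size such as 512m, 2g or 2048M to whole megabytes.
heap_to_mb() {
  local value="$1"
  local num="${value%[kKmMgG]}"
  case "$value" in
    *[gG]) echo $(( num * 1024 )) ;;
    *[mM]) echo "$num" ;;
    *[kK]) echo $(( num / 1024 )) ;;
    *)     echo $(( value / 1024 / 1024 )) ;;  # bare number means bytes
  esac
}

# Usage: check_es_heap <compose-file> [min-mb]
# Prints one of: unset | mismatch ... | low <n>MB | ok <n>MB
check_es_heap() {
  local file="$1" min_mb="${2:-2048}" line xms xmx xms_mb xmx_mb
  line=$(grep -m1 'ES_JAVA_OPTS' "$file") || { echo "unset"; return 0; }
  xms=$(printf '%s\n' "$line" | sed -n 's/.*-Xms\([0-9]*[kKmMgG]\{0,1\}\).*/\1/p')
  xmx=$(printf '%s\n' "$line" | sed -n 's/.*-Xmx\([0-9]*[kKmMgG]\{0,1\}\).*/\1/p')
  if [ -z "$xms" ] || [ -z "$xmx" ]; then echo "unset"; return 0; fi
  xms_mb=$(heap_to_mb "$xms")
  xmx_mb=$(heap_to_mb "$xmx")
  if [ "$xms_mb" -ne "$xmx_mb" ]; then
    # Unequal initial and maximum heap forces resizing while under load.
    echo "mismatch xms=${xms_mb}MB xmx=${xmx_mb}MB"
  elif [ "$xmx_mb" -lt "$min_mb" ]; then
    echo "low ${xmx_mb}MB"
  else
    echo "ok ${xmx_mb}MB"
  fi
}

# Constructed sample compose fragment (not the poster's actual file).
demo_compose=$(mktemp)
cat > "$demo_compose" <<'EOF'
services:
  elasticsearch:
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
EOF
check_es_heap "$demo_compose"
rm -f "$demo_compose"
```

Run it against the real compose file before and after raising the heap; a result of `unset` means the Elasticsearch container is running with whatever heap the image defaults to.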