Backlog of messages after ubuntu updates are available

I’ve been running graylog for some time now and absolutely love it.
There is only 1 recurring issue I can’t seem to figure out.
Occasionally, the unprocessed messages start to build up. A restart of the service seems to fix whatever is wrong and the journal starts to empty out.
Oddly, when I login to the box when this happens, there is ALWAYS a banner for updates…

6 packages can be updated.
0 updates are security updates.

So best I can figure is that something in that process is making the graylog process go nutty and it doesn’t recover without help.

Running 16.04.6 LTS on 20 bare metal servers, with GL 3.0 and JVM: 1.8.0_191 and ES: 6.6.2
20TB of storage and 98Gb of ram. 2 CPU (24 cores total)
Processing about 11,000 messages a second.

Scott

He @scottbob09 please don’t yell …

I guess you are using the Graylog OVA? Or did you do a manual installation? That you have packages to update in the OS isn’t a bad sign, as this is pretty normal and will happen very regular.

What can you find on this occasionally event in the Graylog server logfile? Is the sum of messages higher during that times? Is a backup script runnin in that time? You need to investigate now into this.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.