I have 3 server run multi node graylogs. i want to set time sync data between servers in define time, for example at night. because it uses too big data to synchronize with each other. I using metronet internet to connect to keep 3 site So I want my cluster of graylogs to sync outside of working hours.
Thanks
Graylog don’t talk each other (except some metric data…), so you don’t need sync anything.
The config stored in mongo, but there is no big changes, so you can sync it any time
Maybe you thought for elastic data.
In this case you should check elasticsearch possible solutions. But I think it’s not possible. And also if you don’t sync data how would like to search in it?
Some idea, maybe it can help.
create different streams to sites.
create different index sets for stream.
config elastic, to store indexes at the sites where data come from.
set replica to 1 at night with a cron job. In this case ES should sync the data to another site
in this case until the replica set you won’t have redundant storage.
also disable relocating at day in ES.
oke thanks you!
I have a question. how does graylogs save data? (elastic and mongodb)
I don’t really understand you question. I’m afraid you don’t know about graylog.
I think you should start somewhere here:
http://docs.graylog.org/en/3.0/
you can see?
I have 3 node at 3 different locations.EX:new york, los angeles ,and chicago. so the process of synchronizing between nodes consumes a lot of bandwidth,so I want it to synchronize with each other after work.
How did you installed Graylog? What is your architecture?
Did you build ONE Cluster on multiple locations? What was your goal?
I installed graylogs in 3 node of 3 server different location.
my architecture:
because I want to focus logs between 3 locations
Elasticsearch and MongoDB sync their data across that locations - if you build a replicaset for mongoDB (what is needed to have a single Graylog cluster) and depending on the number of shards and replicas you have configured Elasticsearch syncs data between all three locations. In addition Graylog is searching across all three locations for data …
That is all done on purpose in that way. You can’t “sync that later” it is live and the data is available and needs to be in sync.
If you can’t handle that you need to rethink your setup.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.