I’ve currently running 3 Graylog-nodes and when looking at the strored logs I see that about 80% of my logs are duplicated. It’s not just one node that’s having that issue neither just one source.
I’m sending logs from my PHP application via the latest GELF library to an GELF-UDP input. I already switched on the PHP-library side from Chunksize WAN(1420) to LAN(8154), which didn’t change anything.
I’ve added an automatic increment of log item at the PHP-side, which automatically increases the log number index in that process, to see if the log is called twice. Both messages are coming in with the same index-number, so it seems that the Graylog server is storing the message twice.
Incomming messages are filtered by a stream (enabled to remove from All messages) and then lead to a specific index-set.
Both duplicated messages are stored in the same index and received by the same node.
I don’t know where to look further to stop having those duplicated messages. Any ideas?
By the way, I already installed 2.2.3, which didn’t help.