Enable payload compression for Elasticsearch requests

(Anant) #1

Hi All,

We are running Graylog 2.3.4 and Elasticsearch 5.6.0. on Centos 7 and it is running fine.

I have a couple of doubts about below two configuration setting in server.conf.

     # Enable payload compression for Elasticsearch requests.
     # Default: false
     #elasticsearch_compression_enabled = true

Q. If the above setting is set to true does it means that all the events/logs will be stored in ES in compressed form. If yes could you share the compression ratio.??

     # Maximum number of concurrently running index optimization (force merge) jobs.
     # If you are using lots of different index sets, you might want to increase that number.
     # Default: 20
     #elasticsearch_index_optimization_jobs = 20

We now at max have 15 Index Set with each index set configured to have 20 indices, with each index set to 10 GB.

Q. So shall we consider to increase optimization_jobs from default 20 to xyz. If yes from how much we should increase the jobs. Is there a formula??

Thanks in Advance.

Anant Sawant.

(Jochen) #2

No, the setting enables/disables sending gzip-compressed HTTP requests to Elasticsearch.

No, this is the number of concurrent optimization jobs. In most setups, I would even reduce that number because optimizing indices in Elasticsearch is a very I/O intensive operation.

See https://www.elastic.co/guide/en/elasticsearch/reference/5.6/indices-forcemerge.html for details.

(system) #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.