Graylog cluster in kubernetes

bogd · April 20, 2024, 11:23am

You can find the sharding recommendations here.

As a rule of thumb, you should aim for 10GB+ shards. So how many of them you set will depend on how much data you are collecting, and how long you are storing it for.

Joel_Duffield · April 20, 2024, 2:20pm

Can you post a screenshot of your indicies setup, including how many shards they have, rotation strategy etc.

cake007 · April 20, 2024, 3:53pm

yes
batch size is 500

cake007 · April 20, 2024, 3:54pm

21 shards
index rotate every 1 hr
PT1H

Joel_Duffield · April 20, 2024, 4:06pm

21 shards per index (so 21 new shards every hour when it rotates), or 21 shards total?

cake007 · April 20, 2024, 4:13pm

21 shards per index
yes 21 new shards every hour

Joel_Duffield · April 20, 2024, 4:29pm

So first off, if you upgrade to graylog 5.1 you can switch over to time size optimization of index rotation and graylog will look after rotating then at the right time. Also you want shards ro be a multiple of your nodes, but I would just start with the same number of shards as nodes, see OpenSearch Shard Size: Choosing the Correct Number of Shards

system · May 4, 2024, 4:29pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Enhance Graylog search performance by adding new Elastic nodes? Graylog Central (peer support)	3	1648	August 24, 2017
How to improve the output message rate to Elasticsearch? Graylog Central (peer support)	4	2306	March 23, 2018
Help with under-performing setup Graylog Central (peer support)	10	284	December 30, 2023
Graylog has Millions of Unprocessed Messages Graylog Central (peer support)	2	969	February 10, 2021
Slow Message processing from GELF/Kafka inputs Graylog Central (peer support)	12	2136	April 23, 2018

Graylog cluster in kubernetes

Related topics