I have installed Graylog (v5.0.13), elasticsearch (v7.17.23) and mongodb(v6.0.17) in my ubuntu VM 22.04 LTS which is hosted in a windows server 2016 standard via HYper V. I had allocated dynamic memory of minimum ram 512 MB - maximum 1048576 mb for this ubuntu VM and its currently utilizing almost 20 gb . I understand elasticsearch and graylog is most comsuming my memory. But my windows server has maximum memory of only 64 gb and there are other VMs also running on this server and i am worried due to this high memory consumption my server could crash. I need to keep the data retention for at least 90 days. since my graylog interface do not have a way to adjust the minimum and maximum days , i had to increase the Max number of indices to 90 with Index retention strategy as delete and Index rotation strategy as maximum count and Max docs per index as 20000000. with heap size minimum and max 8.0GiB. I believe, this led to the huge memory consumption. Please advise what i can do since we do not wish to purchase memory for our server, what are our other choices !
Hi,
if you start from scratch: go for OpenSearch. Elastic in version 7.17 is not supported.
https://go2docs.graylog.org/current/planning_your_deployment/planning_your_deployment.html
If you want to keep your data 90 days you should go on indices and adjust the timeframe.
https://go2docs.graylog.org/current/setting_up_graylog/index_model.html?Highlight=indices
1 Like
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.