Graylog Journal question

(Mike Daoust) #1


We had a new scenario pop up with our cluster over the weekend.
Sunday our ES master nodes became unreachable. This normally wouldn’t cause any issues; they would journal, then clear out when things returned to a normal state.

In this instance the index also attempted to rotate while the ES masters were unavailable. It appears that incoming messages did not get journaled. We have some logging around this so we are alerted when the journal gets utilized, and it remained at zero utilization throughout the incident.

The journal location is empty, no additional disk usage was logged by our hardware monitoring, and I am not finding anything in Graylog’s logs that indicates anything about journaling events either.

Can you suggest some things to look at?

(Mike Daoust) #2

So it appears that some journaling took place. We have the capacity to journal about a week's worth of data, so I am still unsure why all of the data did not get journaled in this case. Any suggestions on where to look for journaling errors or logging around journaling activities would be a great help.

(system) closed #3

