Hey guys,
i am using Graylog 1.3, with Elasticsearch 1.3 version from last 6 months. everything was fine till 3 days back.
i can only see last 3 days in Graylog console. it should be six months.
Elastic search also shows 1000 shards up which having last 6 months data.3 days back i upgraded RAM on ES nodes to 128 Gb with 100 GB initialze for Elasticsearch Process.
Please help me & suggest what should i do ?
Thanks,
Amit
What’s in the logs of your Graylog and Elasticsearch nodes?
Using 100 GiB of heap memory for Elasticsearch on a system with 128 GiB of memory seems a bit extreme.
Are you sure you need that much memory? It also negatively impacts the garbage collector’s performance and most JVM’s are not properly tuned to cope with that large amount of memory.
I’d also recommend upgrading to the latest version of Graylog and Elasticsearch, since neither Graylog 1.x nor Elasticsearch 1.x are supported anymore.
Hey jochen, thanks for replying.
logs are appearing normal, i will recheck again.
also we have 50 Gb of daily consumptions in logs, in 12 hour peak time. logs processing speed is 2000 to 3500 per second.
right now.we have architecture like this : -
Please help me to out. is there any way so i can see my old logs ? also please suggest is there easy way to migrate 1.3 to latest graylog version.
appreciate your response.
Thanks alot !
No, it’s probably not going to be easy.
The problematic part is going to be Elasticsearch. You should test the upgrade to Elasticsearch 2.4.6 in a test environment. Upgrading to Elasticsearch 5.x will not be possible without reindexing all of your indices.
Other than that, please read the detailed upgrade notes in the documentation: http://docs.graylog.org/en/2.3/pages/upgrade.html
And last but not least, there are professional support services for Graylog: https://www.graylog.org/enterprise
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
