Graylog not using all CPUs

Andy · February 3, 2018, 9:50am

I have a Graylog2 installation with:

2 nodes with Graylog2 (16CPU, 14GB memory)
3 nodes with Elastic Search (4 CPU, 26 GB memory)

At the moment the system is under high load (messages in: 12.000 msg/sec) and can not manage to process them fast enough.

The journals are filling up, “Process buffer” and “Output buffer” are both at 100%.

But when I look at the CPU on the 2 Graylog2 hosts (with top") it’s only at 400%. Does that mean that only 4 cores (out of 16) are utilized?

Can I increase the CPUs that Graylog2 utilizes?

jochen · February 3, 2018, 11:26am

Please post the complete configuration of the Graylog nodes and their respective JVM settings.
http://docs.graylog.org/en/2.4/pages/configuration/file_location.html

macko003 · February 8, 2018, 7:51pm

The full process and output buffer usually means it can’t write out the message to Elasticsearch.
So maybe your graylog servers “need” only 400% CPU and your elastic have a bottleneck.
So I suggest to check the elasticsearch cluster first. CPU, and disk IO.
But a wrong config can also cause simmilar error, please upload your config as @jochen asked.

system · February 22, 2018, 7:51pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Process and output buffer is 100% utilized Graylog Central (peer support)	5	9097	July 26, 2018
Elasticsearch optimization Graylog Central (peer support)	3	733	January 23, 2023
Performace Problems Graylog Central (peer support)	5	501	December 6, 2019
Buffer utilization is 100% for all nodes having backlog Graylog Central (peer support)	18	5147	October 18, 2018
Process Buffer Flooding 100% process Graylog Central (peer support)	8	4079	May 7, 2020

Graylog not using all CPUs

Related Topics