Graylog OVA Appliance Process Buffer and Journal High Utilization


(Ashfaq Qaimkhani) #1

I need help on Graylog OVA Appliance for fine tuning as I am getting very high utilization of Process Buffer and Journal.

Processing 2,784 incoming and 0 outgoing msg/s.

My VM has 24 GB Memory, 8vCPU and 2.72 TB disk space for graylog.

ubuntu@graylog:~ df -h Filesystem Size Used Avail Use% Mounted on udev 12G 4.0K 12G 1% /dev tmpfs 2.4G 444K 2.4G 1% /run /dev/dm-0 15G 3.2G 11G 23% / none 4.0K 0 4.0K 0% /sys/fs/cgroup none 5.0M 0 5.0M 0% /run/lock none 12G 0 12G 0% /run/shm none 100M 0 100M 0% /run/user /dev/sda1 236M 75M 149M 34% /boot /dev/sdb1 2.7T 196G 2.4T 8% /var/opt/graylog/data ubuntu@graylog:~


(Ashfaq Qaimkhani) #2

I am receiving two notifications as below.

There are 2 notifications

Notifications are triggered by Graylog and indicate a situation you should act upon. Many notification types will also provide a link to the Graylog documentation if you need more information or assistance.

×

Journal utilization is too high (triggered 2 hours ago)

Journal utilization is too high and may go over the limit soon. Please verify that your Elasticsearch cluster is healthy and fast enough. You may also want to review your Graylog journal settings and set a higher limit. (Node: 742950e5-9e80-44cb-a860-77b014c24493 )

×

Uncommited messages deleted from journal (triggered 2 hours ago)

Some messages were deleted from the Graylog journal before they could be written to Elasticsearch. Please verify that your Elasticsearch cluster is healthy and fast enough. You may also want to review your Graylog journal settings and set a higher limit. (Node: 742950e5-9e80-44cb-a860-77b014c24493 )


(Philipp Ruland) #3

Heyo @ashfaq,

what is the state of the Elasticsearch instance behind Graylog?

If Graylog is not able to output any logs, it’s most likely related with a non working Elasticsearch or a broken connection to it.

Have a look at the Graylog default file locations and post the content of the Elasticsearch logs and config.
Additionally, the log from Graylog could be helpful. If your able to, clear the log file, restart Graylog and wait a few minutes. Then copy the log and paste it here.

Greetings,
Philipp

PS: Remember to use tripple backticks or using a gist/etc. when posting logs. :slight_smile:


(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.