Graylog shows only logs till 3 Hours ago


(minosjan) #1

Hello,
I have a strange issue with our Graylog. It shows only messages up to 3 hours ago, nothing newer. But new messages are added successfully to the log.
I checked the indices and deflector and they appear fine; rebuilding the indices did not solve the problem. I checked time synchronization and found it fine too; the Graylog box is synced via NTP with our DCs.
What may be the cause?
BR, Anton Minosjan


(Jochen) #2

Check the logs of your Graylog and Elasticsearch nodes.
http://docs.graylog.org/en/2.4/pages/configuration/file_location.html


(minosjan) #3

Hi, I checked the logs for Graylog and Elasticsearch and found more in them.
Is it possible to upload them here (packed if needed)?
BR, Anton


(Jochen) #4

You can upload the logs to a pastebin service such as https://0bin.net/ or https://gist.github.com/ and post the link here.


(minosjan) #5

Hello,
uploaded to GitHub:
server.log from Graylog and rtm-graylog-1466756804.log from Elasticsearch.


The problem started on 24.05.2018.


(Jochen) #6
  1. You’re using a pretty old version of Graylog (2.0.3) and should upgrade to the latest stable version of Graylog.
  2. Your MongoDB database is regularly not reachable.
  3. Your Elasticsearch cluster seems to be too slow to cope with the throughput of messages at some times, leading to a 100% filled message journal.

(minosjan) #7

Hello,
I extended the journal size and the maximum kept logs, rebuilt the indexes, and after ~3 hours it started working.
Thank you for the support, closing the question.
BR, Anton
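
The filled journal named in #6 explains the fixed delay: messages queue in the journal and only become searchable once Elasticsearch has indexed the backlog ahead of them. The following is an added example, not code from the thread or from Graylog, that estimates that delay from a journal summary; the sample values are constructed and the key names are assumed to follow the journal summary of Graylog's REST API (`/system/journal`), so check them against your version.

```python
# Added example (not from the thread): triage a Graylog journal backlog.
# SAMPLE is constructed; key names are assumed to follow the journal summary
# of Graylog's REST API (/system/journal) and should be checked on your version.
SAMPLE = {
    "append_events_per_second": 650,       # written by inputs
    "read_events_per_second": 500,         # drained towards Elasticsearch
    "uncommitted_journal_entries": 5_400_000,
    "journal_size": 5_100_000_000,         # bytes on disk
    "journal_size_limit": 5_368_709_120,   # bytes (5 GiB)
}


def assess_journal(summary, warn_pct=80.0):
    """Return utilization, estimated search delay and findings for a journal."""
    limit = summary["journal_size_limit"]
    read_rate = summary["read_events_per_second"]
    append_rate = summary["append_events_per_second"]
    backlog = summary["uncommitted_journal_entries"]

    utilization = 100.0 * summary["journal_size"] / limit if limit else 0.0
    # FIFO queue: a message written now waits for the whole backlog to drain.
    delay_s = backlog / read_rate if read_rate > 0 else None
    growing = backlog > 0 and append_rate >= read_rate

    findings = []
    if utilization >= warn_pct:
        findings.append(f"journal is {utilization:.1f}% full")
    if delay_s is None and backlog:
        findings.append("nothing is being read from the journal; check Elasticsearch")
    elif delay_s and delay_s > 300:
        findings.append(f"new messages become searchable after ~{delay_s / 3600:.1f} h")
    if growing:
        findings.append("backlog is not shrinking: inputs outpace indexing")
    return {"utilization_pct": utilization, "delay_s": delay_s,
            "growing": growing, "findings": findings}


if __name__ == "__main__":
    report = assess_journal(SAMPLE)
    for line in report["findings"]:
        print(line)
```

With the constructed sample the estimate is a three-hour delay on a journal that is about 95% full and still growing, which is the pattern reported in this thread.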

