Graylog stops processing messages seemingly at random times

Hello,

My instance of Graylog sometimes (about twice a day) stops processing messages. The messages are getting written to the message journal and a restart of Graylog (using systemctl restart graylog-server) fixes the issue temporarily. The logs in the journal get processed and then written to Elasticsearch.

I can see no errors at all in either the Graylog or Elasticsearch log files.

I am a bit stuck on what to do here. Any pointers would be appreciated

I am running Graylog 3.1.4 on 1 server

then on another server I am running elasticsearch 6.8.9

I have some thread dumps from the time that the issue happens. If they would be useful let me know and I shall post them.

Thanks!

he @oidz1234

you should investigate what is happening during this time? Does your Elasticsearch is having problem? Check what does happen in the system and you will get a trace.

Hello,

My elasticsearch seems to be perfectly fine.

I have gotten a trace from graylog, I am not sure how to read it or what to look for as it’s very long. Would you like me to post this trace?

from such a time you want to create a processor buffer dump on the System > Nodes page. This allows you to see what the processing processors do.

I do not seem to have that option? I am on graylog 3.1.4

ok - that is added in 3.2 AFAIK … sorry. Without that it is nearly impossible to find what the reason for this is.

Ok, I will try and get Graylog upgraded to 3.2 next week.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.