Hi, during the last week I have experienced a serious issue two times: Graylog stopped processing messages although it continues to receive new logs. When this happens the application is normally browsable, except the fact that queries are performed gradually slower. In both cases it was sufficient to reboot the machine and see Graylog process about 2,200-3,000 messages/s for a few minutes.
Graylog is currently receiving about 1 million logs per hour and the server has 8 cores, 24 GB of RAM and 12 GB of Swap. When the issue occurs all these resources are used at a more than acceptable level (overall CPU usage under 40% and about 4 GB of RAM occupied). Is there anyone who is experiencing the same issue?
it sounds like your elasticsearch might have an issue.
without more information its hard to tell
Also, disabling swap could be useful.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.