Graylog to graylog communication issue


(Saif) #1

I am using graylog:2.4 along with mongo3 and elastic5.6.12.

I have a setup like this

filebeat -> graylog1->stream-> gelfoutput -> graylog2->alert->webhook

I have two graylog running on 2 hosts and i have created 2 networks for this.Thefirst graylog takes 10 seconds for message to reach the gelfoutput(from filebeat to gelfoutput ).I dont know why it is taking 10 sec to reach the output.After it reaches the output it is quick to reach the second graylog and alert.Can anyone please help me.


(Tess) #2

To put it shortly, you are asking for help with an older Graylog1 environment. The modern* Graylog2 environment is okay.

*: assuming that you’re running a recent version…

Anywho… Why a message takes 10sec to go from input -> stream -> output can be down to many different factors.

  • Is this for specific messages, or all messages?
  • Is this for messages passing through a specific stream and/or pipeline, or all messages?
  • Are your Graylog1 boxen showing any performance issues? CPU/RAM/IO/NET on Graylog, Mongo or ES.

Etc. etc.