Graylog works but some messages are missing

gadsc · December 27, 2022, 3:07pm

1. Describe your incident:
Hey all, i’m deploying a Graylog stack in my company using Graylog 4.3, Opensearch 1.3.5 and Fluentd to send logs to Graylog. All of this it is running in a Kubernetes cluster and everything is working fine, except by some logs not appearing: in a window of 5 minutes i’m missing around 1300 messages only from one namespace in a universe of 18k messages. I suspected of message field size, but fields are not that big (an example it is a message field with 16kb not appearing in graylog)

I increased the resources and have Grafana panels to monitor all pieces, and everything looks running well. There are no logs in a level higher than INFO in Graylog, OS, or Fluentd. I use GELF UDP to receive logs.

Could you please point some debug direction based on your experience?

StefanAustin · December 27, 2022, 4:35pm

maybe look at server.log to see what messages are getting dropped.
Sometimes it is a timestamp issue, a wrong mapping or something else.
It just a guess.

ihe · December 28, 2022, 9:44am

You can also have a look at Sytem - Overview and there seach for Indexing & Processing Failures.

system · January 11, 2023, 9:45am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.