Im recibe like 20 millions of logs per/day , i have a 8 cpus , 8gb de ram and 50gb disk , but at the begin its ok , i have the content pack from github from extractos , and the buffers are perfect… But when a 5 hours pas , the output buffer overload so the server , i think is about how the jvm is working and onli have 1 gb… So how can i edit that , i read i a lot of post but send me to the file in /opt/graylog … etc but i dont have anything over that directory. Or mi problem is over the size of the journal because when i rotate the indices manualy , and the disk is empy , everithin works.
From what you are writing, I guess you are using the OVA, the virtual image.
Please refer to the documentation where to find the default files for configuration.
No dude i install from deb dependence… How can i avoid the creation for new resources… I dont know but when a msg came with a souce word on the dest_URL , on the sources show me a new one like that
Should i play withe the extractors , and try to manipulate the regular expression? Becouse when the indice erase the resources erasee too… But i see a lot so , hope you can give me a hint.
Dude you came in asking for a beer and then talk about food - please stay on topic.
You might have notice that on the same page I have written, you find the default locations on debian based systems too.
If you would wrote all Information clear it is easier to help you.
For your other issue, create a new topic.
You are right dude , i really sorry but i fix a issue and i get another one hahaha !! I will try to be more specific in the other topic i will create , if u can plz close this one !!! I apressiate your help.
Regards.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.