Inputs Set to Start By Default

Graylog Central (peer support)
1

Probem Description

It seems whenever I restart Graylog all the inputs start by default.
I have a couple of Inputs that I only start as needed because they consume a lot of database/CPU resources. Can I configure an input that does not start by default unless the system administrator explicitly starts it?

Thank you for your help.

Environmental information

Operating system information

centos-linux-release-8.3-1.2011.el8.noarch

Package versions

  • Graylog 4.0.7
  • MongoDB 4.2.14
  • Elasticsearch 7.10.2
2

Hi there, there’s an open issue for this here: Disable inputs auto starting · Issue #10955 · Graylog2/graylog2-server · GitHub. I’d recommend adding a comment to let our product team know that you’d like to have this capability added to Graylog.

1 Like
3

Dear Product Team,
Yes please. This is a feature that would be appreciated.
–Dan

4

In the meantime, I tried the following:

  1. I setup a Stream to handle this particular input called ASA_AnyConnect
  2. I setup a Pipeline called “Bit_Butcket” and connected it to the ASA_AnyConnect Stream.
  3. That pipeline has one stage with one rule:
rule "Drop_Message"
when
   true
then
   drop_message();
end

This plan seems good except for two issues:

  1. It doesn’t work. The stream shows thousands of msg/s but the pipeline shows zero msg/s. Probably user error as this is my first pipeline I’ve setup.
  2. If it did work, it remains to be seen how much this would help me. Without this rule, turning on this input pegs all four of my CPUs and makes the whole system unresponsive. With this rule, would it be any better? It would certainly save on my disk space, but I’m primarily interested in the system staying responsive and performant.

Can someone suggest what I should do to trouble shoot this? What can I post to this message board to help with the troubleshooting?

Thanks.

5

Hi Dan,

I meant on the GitHub issue. Our product team isn’t generally active in the forums. They’re more likely to see your comment on the GitHub issue.

6

Can you provide a URL to “Github Issue”? I don’t know what this is.
Thanks.

7

The link is in my reply here Inputs Set to Start By Default - #2 by aaronsachs

8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.