Oh wow, 173.273 Index errors that’s a lot.
Looks like you have some index issues to fix. I would check you logs and insure elasticsearch is running correct.
We would need to see the configuration files and the log files.
OK - I see the failure message limit of total fields [1000] has been exceeded
That is why your log message are not being indexed. You will need to resolve that. Here is an article about that issue: What to Do When You Have 1000+ Fields? | Graylog
Good spot @patrickmann! The Article posted to gets into a good description of what is going on - one thing to check for - if you are automatically pulling in fields (ie. using set_fields() in a pipeline from a regex/GROK) it is possible that you are pulling in field names that are randomly changing and causing the unique field types to go through the roof - something to watch out for…
Hello i have try to increase the limit of total fields to 20000 but in my web interface nothing as change ( i have restart all the 3 services for graylog )
That seems far outside recommendations. If you are still having issues, examine your logs and post them here. There is a whole series of commands for accessing logs here … it also includes commands to examine elasticsearch and present issues it’s having. You can post the results of those here if you are not seeing/understanding what is presented. Properly formatted Text is always preferred over screen shots…