Log system Graylog

Dear Community

I use Graylog 2.4.6 (I will update it to 2.5.1 soon).

I got this error message but I solved it. The problem: my Graylog was not connected for 14 days and I did not know it.

Where is this type of message stored on the server? Where are the Graylog system logs located?

Or what can I do to be warned quickly if notifications like this happen again?

For notification errors such as “Journal Utilization is too high” or “Uncommited messages deleted from journal”

Thank you :wink:

Default locations for files used by Graylog can be found in the documentation here:
https://docs.graylog.org/en/2.4/pages/configuration/file_location.html?highlight=file%20locations

As for monitoring the journal or buffer utilisation, you can see their usage stats in:
System > Nodes > Details

AFAIK, Graylog does not have anything built-in to send an alert for these issues (other than the alert given in the Web UI).

You could ingest the server.log file into Graylog and then build alerts from those messages, or you could set up an external system which pulls in metrics from the Graylog API and have that perform your alerts (this is what I do).

I’d recommend the latter. I’ve never tried ingesting the GL server.log into GL itself, but also, in the event that ES becomes unavailable or message processing time is increased, you could be alerted of the issue far later than it occurs or not alerted at all.

This can kill your Graylog at times when you really want to have it working … imagine your environment is logging a shit load of messages, your Graylog is having issues ingesting to Elasticsearch and is logging this into the server.log … now that is ingested into Graylog and you start the wheel that will kill everything.

Thank you for your answer.

Of course, but before posting, I found in the documentation the location of many log files. But in the log files, I cannot find the notification messages “Utilization is too high” and “Uncommited messages deleted from journal”.

I want to know if it is possible to have the contents of System > Nodes > Details in a log file.

Have a good day :slight_smile:

That is why I said I suggest the latter… The latter being pulling the metrics from the API into an external application and monitoring from there :wink:

Ok thank you so much,

Can we talk privately about this API please?

The API is built into Graylog itself.

If you go into System > Nodes > API Browser, a new page will open that will show you all of the API calls that are available.
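An external journal check of the kind suggested earlier in the thread, as an added example that is not part of the original posts and is not Graylog's own code. The `/system/journal` path, the JSON field names and the thresholds are assumptions; confirm the path and fields in System > Nodes > API Browser on your node before relying on them.

```python
import base64
import json
import urllib.request

# Constructed sample of a journal status response; field names are assumed and
# should be confirmed in System > Nodes > API Browser on your own node.
SAMPLE_RESPONSE = """{
  "enabled": true,
  "uncommitted_journal_entries": 1250000,
  "journal_size": 4831838208,
  "journal_size_limit": 5368709120
}"""

def fetch_journal(base_url, user, password, timeout=10):
    """GET <base_url>/system/journal (assumed path) with basic auth; return parsed JSON."""
    req = urllib.request.Request(base_url.rstrip("/") + "/system/journal")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/json")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def evaluate_journal(status, max_utilization=0.80, max_uncommitted=500_000):
    """Return a list of alert strings; an empty list means the journal looks healthy."""
    if not status.get("enabled", False):
        return ["journal is disabled or status is missing"]
    limit = status.get("journal_size_limit") or 0
    size = status.get("journal_size") or 0
    alerts = []
    if limit > 0 and size / limit >= max_utilization:
        alerts.append(f"journal utilization {size / limit:.0%} >= {max_utilization:.0%}")
    uncommitted = status.get("uncommitted_journal_entries") or 0
    if uncommitted >= max_uncommitted:
        alerts.append(f"{uncommitted} uncommitted journal entries")
    return alerts

def check(status_or_error):
    """Treat a failed poll as an alert too: a silent node is the failure to catch."""
    if isinstance(status_or_error, Exception):
        return [f"cannot reach Graylog API: {status_or_error}"]
    return evaluate_journal(status_or_error)

if __name__ == "__main__":
    for line in check(json.loads(SAMPLE_RESPONSE)):
        print("ALERT:", line)
```

Run it from a scheduler on a host other than the Graylog node, passing the result of `fetch_journal` (or the exception it raised) to `check`, so that an unreachable node also produces an alert.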

Okay,

Thank you ;). Have a good day