So I came across something in the documentation the other day that made me do a double take.
https://docs.graylog.org/en/4.1/pages/configuration/server.conf.html?#elasticsearch
specifically…
because in my server.conf file…
# Default: 20
#elasticsearch_max_total_connections = 20
# Maximum number of total connections per Elasticsearch route (normally this means per
# elasticsearch server).
#
# Default: 2
#elasticsearch_max_total_connections_per_route = 2
Now my installation is a few years old and started from 2.0, and I’m now on 4.1.1, so as things have evolved, my conf file hasn’t, and as a result it seems some of my “default” behaviors, that I may or may not have been expecting to take place, have also changed with the versions.
I don’t recall seeing mention of updated defaults as part of the release notes (which I believe they should be, moving forward). I think it’s important to keep this in mind as you are troubleshooting/reviewing your system because your old (arguably outdated) server.conf file may not list all the latest and greatest settings or the correct default values that are running your Graylog.
I would recommend you all diff your conf and understand what’s changed between the version you originally installed and what you are currently running. There also may be some new nerd knobs to play with as they exposed more settings.
For those interested… here’s the server.conf from a fresh/clean install of Graylog 4.1.1.
Tried to just paste the text, but it put me over the char limit for a post.
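An added example, not part of the original post and not Graylog tooling: one way to run the comparison recommended above, reading the `# Default:` comments and commented-out settings in both files and reporting where the old file no longer describes what the server does. The names `parse_conf`, `config_drift`, `example_pinned_setting` and `example_new_knob` are hypothetical, and the values in `NEW_CONF` are constructed, not taken from a real release.

```python
import re

DEFAULT = re.compile(r"^\s*#\s*Default:\s*(.*?)\s*$")
SETTING = re.compile(r"^\s*(#?)\s*([a-z][a-z0-9_]*)\s*=\s*(.*?)\s*$")

def parse_conf(text):
    """Map each setting name to (active, value, documented default)."""
    settings, doc_default = {}, None
    for line in text.splitlines():
        if m := DEFAULT.match(line):
            doc_default = m.group(1)
        elif m := SETTING.match(line):
            commented, key, value = m.groups()
            if not commented or key not in settings:  # an active line wins
                settings[key] = (not commented, value, doc_default or value)
            doc_default = None
        elif not line.lstrip().startswith("#"):
            doc_default = None  # a non-comment line ends the comment block
    return settings

def config_drift(old_text, new_text):
    """Compare an upgraded install's file with a fresh file for the running version."""
    old, new, findings = parse_conf(old_text), parse_conf(new_text), []
    for key, (_, _, new_default) in new.items():
        entry = old.get(key)
        if entry is None:
            findings.append((key, "new-setting", None, new_default))
        elif not entry[0] and entry[2] != new_default:  # commented out: built-in default applies
            findings.append((key, "default-changed", entry[2], new_default))
        elif entry[0] and entry[1] != new_default:  # active: the old value stays pinned
            findings.append((key, "pinned", entry[1], new_default))
    return findings

# OLD_CONF: the excerpt quoted in the post plus one constructed active line.
OLD_CONF = """\
# Default: 20
#elasticsearch_max_total_connections = 20
# Default: 2
#elasticsearch_max_total_connections_per_route = 2
example_pinned_setting = 5
"""
# NEW_CONF: constructed sample values, not copied from any Graylog release.
NEW_CONF = """\
# Default: 40
#elasticsearch_max_total_connections = 40
#elasticsearch_max_total_connections_per_route = 4
#example_pinned_setting = 10
#example_new_knob = 1
"""
print(*config_drift(OLD_CONF, NEW_CONF), sep="\n")
```

A `default-changed` finding is the case described in the post: the setting is commented out, so the server runs the current built-in default while the file still documents the old one.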