Did Graylog change the way Outgoing traffic is calculated in the 5.2.X releases in the past few months? I’ve seen a large increase in the outgoing traffic and the only thing I can figure out is that it’s now calculating index replicas as well.
For example:
the sum of gl2_accounted_message_size for yesterday is 193,271,144,736. But the outgoing traffic is reporting 428.4G. Most of my indexes have 2 replicas.
gl2_accounted_message_size is different from outgoing traffic. The latter includes any enrichment that happens in GL.
Replicas should not have any effect on outgoing traffic, as far as I know.
Thanks for the information. I believe I found the culprit. It appears an update with Google or with beats caused the G suite beats plugin to continuously pull the available Google logs over and over.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
