Process buffer, 100.00% utilized

lukef · March 7, 2022, 8:52am

Hi Team,
We have been running graylog for sometime but suddenly overnight we are finding the process buffer is 100% utlised. Both the input and output buffer are at 0% and we are finding no messages in the search.
Elastic search seems to be fine and there are no errors in server.log that stands out.
Any ideas where we should be looking.
I’m wondering if it is because of the version of es we are running. We are running 7.16.2 and have been for since December with no issues.
Reading the documentation it mentions graylog supports es 7.x but I have since found we shouldn’t go above 7.10 which isn’t very clear in the documentation. Is this correct?

anyway looking forward to any pointers.
Cheers

gsmith · March 8, 2022, 11:18pm

Hello @lukef

Did you check you Elasticsearch?
ES Health Check
curl -XGET http://127.0.0.1:9200/_cluster/health?pretty=true
Check Shards
curl -XGET http://127.0.0.1:9200/_cat/shards
If you do find something wrong you can execute this to find out why.
ES Shard Info
curl -XGET http://127.0.0.1:9200/_cluster/allocation/explain?pretty

Is you journal full?
How many logs are ingested during this time?
What are you’re buffer settings set as?
Have you tried to increase the Processor Buffer ?

system · March 22, 2022, 11:19pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Input Buffer: 100%, Process Buffer 100%, Output Buffer: 0% Graylog Central (peer support)	3	1915	July 31, 2020
Process buffer & output buffer is showing 100% Graylog Central (peer support)	5	1585	June 8, 2021
Performace Problems Graylog Central (peer support)	5	504	December 6, 2019
Graylog CPU spiked to 500% and ES seems slow Graylog Central (peer support)	6	1269	March 18, 2019
Process and output buffers are full Graylog Central (peer support)	19	7710	November 30, 2020

Process buffer, 100.00% utilized

Related Topics