Process buffer & output buffer is showing 100%

Process buffer & output buffer is showing 100% , how to delete it any clue?

Hi there. First things first, please take a moment to read over the Community Guidelines. When posting, it’s a best practice to:

  • Be descriptive about the issue you’re facing
  • Post screenshots of what you’re seeing
  • Share logs that might indicate what the issue is
  • Share (redacted) config files

It’s quite difficult to help when there’s literally no information provided for anyone to go off of.

Second, you categorically DO NOT want to delete those buffers unless you really want to lose logs. If your output buffer is full, then it’s likely that Elasticsearch is having a problem. Some basic sysadminery will go a long way here. For example:

  • Look at System–>Overview, does it indicate that the Elasticsearch cluster is unhealthy?
  • Check the logs (both Graylog and Elasticsearch) and provide recent log output as mentioned above
  • Test the connection between Graylog and Elasticsearch using something like nc (netcat)
  • Check the health of the Elasticsearch cluster using curl -X GET "localhost:9200/_cluster/health?pretty"

Getting the basic information should be good enough to start pointing you toward what the actual issue is.

1 Like

Hi ,
here is the curl command out and system overview details.

[techm@NetopsVM01-Master ~]$ curl -X GET “10.200.11.87:30009/_cluster/health?pretty”

Graylog Web Interface
<script src="http://10.200.11.88:30009/assets/vendor.8d6aa5835c8302c41e2f.js"></script>

<script src="http://10.200.11.88:30009/assets/polyfill.a49ba8ace624afae35ed.js"></script>

<script src="http://10.200.11.88:30009/assets/builtins.a49ba8ace624afae35ed.js"></script>

<script src="http://10.200.11.88:30009/assets/plugin/org.graylog.plugins.threatintel.ThreatIntelPlugin/plugin.org.graylog.plugins.threatintel.ThreatIntelPlugin.9ce4edb0d21dc719c558.js"></script>

<script src="http://10.200.11.88:30009/assets/plugin/org.graylog.plugins.collector.CollectorPlugin/plugin.org.graylog.plugins.collector.CollectorPlugin.b9314e4c321cdda77766.js"></script>

<script src="http://10.200.11.88:30009/assets/plugin/org.graylog.aws.AWSPlugin/plugin.org.graylog.aws.AWSPlugin.9ea101840e9c7f444808.js"></script>

<script src="http://10.200.11.88:30009/assets/app.a49ba8ace624afae35ed.js"></script>
[techm@NetopsVM01-Master ~]$

Elasticsearch cluster is green. Shards: 33 active, 0 initializing, 0 relocating, 0 unassigned, What does this mean?

i have used helm chart to do the installtion of graylog ,logstash and elstic search components .
may i know the log path to share the data for analysis.

image

lits on operator]
[2021-05-25T15:00:56,435][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [disable_coord] used, replaced by [disable_coord has been removed]
[2021-05-25T15:00:57,010][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [use_dis_max] used, replaced by [Set [tie_breaker] to 1 instead]
[2021-05-25T15:00:57,010][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [auto_generate_phrase_queries] used, replaced by [This setting is ignored, use [type=phrase] instead to make phrase queries out of all text that is within query operators, or use explicitly quoted strings if you need finer-grained control]
[2021-05-25T15:00:57,010][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [split_on_whitespace] used, replaced by [This setting is ignored, the parser always splits on operator]
[2021-05-25T15:00:57,011][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [disable_coord] used, replaced by [disable_coord has been removed]
[2021-05-25T15:00:57,686][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [disable_coord] used, replaced by [disable_coord has been removed]
[2021-05-25T15:00:58,482][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [use_dis_max] used, replaced by [Set [tie_breaker] to 1 instead]
[2021-05-25T15:00:58,482][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [auto_generate_phrase_queries] used, replaced by [This setting is ignored, use [type=phrase] instead to make phrase queries out of all text that is within query operators, or use explicitly quoted strings if you need finer-grained control]
[2021-05-25T15:00:58,482][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [split_on_whitespace] used, replaced by [This setting is ignored, the parser always splits on operator]
[2021-05-25T15:00:58,483][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [disable_coord] used, replaced by [disable_coord has been removed]
[2021-05-25T15:01:25,821][INFO ][o.e.c.m.MetaDataDeleteIndexService] [Q1iw6UL] [graylog_1627/8_wN94sWT9SP4nsWdY0Qfw] deleting index
[2021-05-25T16:00:05,221][WARN ][o.e.d.a.a.i.t.p.PutIndexTemplateRequest] [Q1iw6UL] Deprecated field [template] used, replaced by [index_patterns]
[2021-05-25T16:00:05,298][INFO ][o.e.c.m.MetaDataIndexTemplateService] [Q1iw6UL] adding template [graylog-internal] for index patterns [graylog_*]
[2021-05-25T16:00:05,398][INFO ][o.e.c.m.MetaDataCreateIndexService] [Q1iw6UL] [graylog_1627] creating index, cause [api], templates [graylog-internal], shards [1]/[0], mappings [message]
[2021-05-25T16:00:05,716][INFO ][o.e.c.r.a.AllocationService] [Q1iw6UL] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[graylog_1627][0]] …]).
[2021-05-25T16:01:25,516][INFO ][o.e.c.m.MetaDataDeleteIndexService] [Q1iw6UL] [graylog_1627/hjJf-rD_RDuhP6EybSNbrQ] deleting index
[2021-05-25T16:18:47,286][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [disable_coord] used, replaced by [disable_coord has been removed]
[2021-05-25T16:18:47,288][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [disable_coord] used, replaced by [disable_coord has been removed]
[2021-05-25T16:18:47,289][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [disable_coord] used, replaced by [disable_coord has been removed]
[2021-05-25T16:18:47,289][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [disable_coord] used, replaced by [disable_coord has been removed]
[2021-05-25T16:18:47,289][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [disable_coord] used, replaced by [disable_coord has been removed]
[2021-05-25T16:18:47,290][WARN ][o.e.d.c.ParseField ] [Q1iw6UL] Deprecated field [disable_coord] used, replaced by [disable_coord has been removed]
[techm@NetopsVM01-Master ~]$

Hi there,

I don’t intend this to come across as being difficult, but please read the Community Guidelines. Specifically the portion about formatting your posts with Markdown. . Those guidelines help make it easier for you to get assistance from folks in the community, and properly formatting your post makes it easier for folks to read your posts (especially console output). If you’re not familiar with using Markdown, you can use the Code button in the editor:

Since you’re using Kubernetes, I’ll refer you to kubectl’s documentation. It might also help to provide us with the specs you’ve allocated to each pod.

2 Likes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.