Process buffers utilization is 100%

(Mihail Politaev) #1

Hello to all!

Graylog journal was 100% utilized and process buffers are full with 65535 message in it. While Input and Output buffer was 0 loaded.

I looked further and determine that one of extractors on “Global beats” input took about 5 sec max time to process messages, once it was deleted - process buffers utilization dropped fast to 0-10%.

That extractor should separate to fields php-fpm access log. But messages come to “Global beats” input are not only php-fpm access logs messages and there an extra work doing by extractors as they trying extract each message receiving by “Global beats” input.

Is there a better way extract fields from messages in Graylog?

Thank you.

(Jan Doberstein) #2

yes the better way would be using the processing pipelines. As you are able to decide granular what messages should what normalization run on.

1 Like
(Mihail Politaev) #3

Will try, thank you!