Questions: Why hourly cpu peaks ?

NoxInmortus · December 13, 2021, 3:01pm

Hello, I have 5 graylogs servers running on virtual machines on different hypervisors. Each Graylog have a single Input defined and receive logs without stop. Server will have a cpu peak every hour, coming from a ~5% cpu usage and peaking to ~25/35% cpu usage:

The VMs have these specs:

Debian 10 64bits
6 CPU / 8G RAM
MongoDB standalone 4.2.17
Single node Elasticsearch-OSS 7.10.2 (-Xms2g -Xmx2g)
Graylog 4.1.7 using these importants parameters:

rotation_strategy=time
elasticsearch_max_time_per_index=1d
elasticsearch_max_docs_per_index=20000000
retention_strategy=delete
elasticsearch_shards=1

I’m wondering why is there those hourly CPU peaks, what could be done to not have thoses (or a least decrease their intensity), and if there is some maintenance option/configuration that could be changed related to this ?

Thanks for reading.

gsmith · December 14, 2021, 1:00am

Hello,

Need to ask a couple questions.

I’m assuming those configurations are in graylog configuration file?
Then under System/Indices does it show the same settings?

Have you checked or Tailed you log files ( i.e. Elasticsearch and Graylog) when this occurs?
Did you use TOP and/or HTOP and monitor when this happens? you should see what using so much CPU.
Do you have Elasticsearch and Graylog on the same node?

system · December 28, 2021, 1:00am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.