Last week my disk of graylog was full, I erased this morning some old index an graylog restart.
However, I had only log of 2 devices and not for the other. on node I have unprocessed messages.
I also check my elasticsearch (health of cluster and shards (no unassigned shards) and my graylog everything seem good,
for the graylog log I have this message
[NettyTransport] receiveBufferSize (SO_RCVBUF) for inp ut GELFUDPInput{title=gelf_udp, type=org.graylog2.inputs.gelf.udp.GELFUDPInput, nodeId=d72 f8e38-8cbe-4da8-9fe3-0d9f07b4478a} should be 262144 but is 212992
I also erase the folder journal in /var/lib/graylog-server
Could you give me some advices to solve my problem
I have the same message(s) in my log.
It seems, they only appear on VMs. My Graylog host is running on ESXi 6.5. I wouldn’t worry about it, unless the input works and messages are stored and processed.
[NettyTransport] receiveBufferSize (SO_RCVBUF) for inp ut GELFUDPInput{title=gelf_udp, type=org.graylog2.inputs.gelf.udp.GELFUDPInput, nodeId=d72 f8e38-8cbe-4da8-9fe3-0d9f07b4478a} should be 262144 but is 212992
You have set the buffers for GELF to a value that is not allowed to be used by the Graylog user - most time due to restrictions at the OS level.
I have ever tried this solution but that don’t work, after deleted the directory of journal, I restarted the graylog service but that create a new directory journal.
did you recover your log?
I haven’t a vm but a physical computer
thanks for your response, to fix the problem of the buffer I have type this command :
sysctl -w net.core.rmem_max=262144
that fix 2 error but not the gelf.
Perhaps it’s a mongo error because I receive some log in a stream but not in the search, and in the stream I have no indice
, after did System > Indices > INDEX_NAME > Maintenance > recalculate index range all the messages appears