Hi All,
I am able to search logs till 14 days in graylog but if I search for 30 days or 60 days it prompt could not execute search error. Please help me to solve this problem.
Graylog version - 2.4.6
Elasticsearch - 5.6
Thanks in advace.
Also sometimes working for 60 days or 30 days but not always. Not able to understand the exact reason why it’s happening.
Did you check your Server logs?
I guess that your Elasticsearch is not able to run the search on the amount of data you have.
what configuration I need to do so that Elasticsearch will search the data more than 14 days.
But @jan sometimes it print the value when I search for logs more than 14 days.
It is more than the resources your cluster has available will not be enough for elasticsearch to sort your data.
But that is just guessing. Did you measure the performance?
Measuring the performance means @jan ? I mean how can we measure the performance.
Also @jan sometimes it’s working when I search logs for more than 14 days but sometimes not.
sometimes it’s working when I search logs for more than 14 days but sometimes not.
For me, that is a sign that your Elasticsearch server has not enough resources to lookup all data and make the search a success in the given time.
Measuring the performance means
Write performance data of Graylog and Elasticsearch to any kind of metric system - like Influx or Graphite and build graphs on the most important data.
How much RAM did the servers have? How much RAM you define for the Elasticsearch JVM? How many Elasticsearch servers did you have and is Elasticsearch the only running application on them? Finally, what amount of data are we talking about?
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.