I installed Graylog 2.4.6 and everything is OK. The Elasticsearch cluster is in green state. I configured the rotation strategy to “count”, and the elasticsearch_max_docs_per_index value is 20,000,000 messages per index. My problem is: when the index size reaches 7.4GB, after a few seconds it decreases to 5GB and then increases again to 7.4GB. What’s your idea? Please help me!
That is considered to be normal within Elasticsearch. I didn’t find a nice-to-read description of the process, but you will be able to find one.
In short: Elasticsearch writes the incoming data unsorted and unstructured to disk and runs periodic cleanup jobs that sort the data.
Thank you, jan. I thought that this behavior was due to improper configuration, but when I tracked log numbers over multiple hours I concluded that it is normal behavior; I did not have any data loss and all logs were saved properly.