Hmm ok i installed 2.2 rc1 from the scratch and the problem seems to be gone. So i guess it has something to do with the upgrade from 2.1.3 to 2.2 rc1.
Am Mittwoch, 8. Februar 2017 13:22:37 UTC+1 schrieb Ha NN: > > JVM: > > GRAYLOG_SERVER_JAVA_OPTS="-Xms4g -Xmx4g -XX:NewRatio=1 -server > -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled > -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC > -XX:-OmitStackTraceInFastThrow" > > Graylog only stuff which is used: > elasticsearch_shards = 4 > elasticsearch_replicas = 0 > elasticsearch_index_prefix = graylog > allow_leading_wildcard_searches = false > allow_highlighting = false > elasticsearch_cluster_name = graylog > elasticsearch_analyzer = standard > output_batch_size = 2000 > output_flush_interval = 1 > output_fault_count_threshold = 5 > output_fault_penalty_seconds = 30 > processbuffer_processors = 10 > outputbuffer_processors = 5 > processor_wait_strategy = blocking > ring_size = 16384 > inputbuffer_ring_size = 16384 > inputbuffer_processors = 2 > inputbuffer_wait_strategy = blocking > message_journal_enabled = true > message_journal_dir = /var/lib/graylog-server/journal > lb_recognition_period_seconds = 3 > mongodb_uri = mongodb://localhost/graylog2 > mongodb_max_connections = 1000 > mongodb_threads_allowed_to_block_multiplier = 5 > content_packs_dir = /usr/share/graylog-server/contentpacks > content_packs_auto_load = grok-patterns.json > > > > Am Mittwoch, 8. Februar 2017 12:56:36 UTC+1 schrieb Jochen Schalanda: >> >> Hi, >> >> this is the start command for Elasticsearch, not Graylog. >> >> Please post the configuration of Graylog and the JVM settings for Graylog >> (see >> http://docs.graylog.org/en/2.1/pages/configuration/file_location.html >> for where to find them). >> >> Cheers, >> Jochen >> >> On Wednesday, 8 February 2017 12:14:41 UTC+1, Ha NN wrote: >>> >>> It has 8 cores, 32GB ram >>> >>> JVM: >>> /usr/bin/java -Xms18g -Xmx18g -Djava.awt.headless=true -XX:+UseParNewGC >>> -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 >>> -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError >>> -XX:+DisableExplicitGC -Dfile.encoding=UTF-8 -Djna.nosys=true >>> -Des.path.home=/usr/share/elasticsearch -cp >>> /usr/share/elasticsearch/lib/elasticsearch-2.4.4.jar:/usr/share/elasticsearch/lib/* >>> >>> org.elasticsearch.bootstrap.Elasticsearch start >>> -Des.pidfile=/var/run/elasticsearch/elasticsearch.pid >>> -Des.default.path.home=/usr/share/elasticsearch >>> -Des.default.path.logs=/var/log/elasticsearch >>> -Des.default.path.data=/var/lib/elasticsearch >>> -Des.default.path.conf=/etc/elasticsearch >>> >>> Am Mittwoch, 8. Februar 2017 11:54:59 UTC+1 schrieb Jochen Schalanda: >>>> >>>> Hi, >>>> >>>> there are quite long GC pauses mentioned in your logs. >>>> >>>> What are the hardware specs of the machine(s) running Graylog and how >>>> did you configure Graylog (also how are the JVM settings)? >>>> >>>> Cheers, >>>> Jochen >>>> >>>> On Wednesday, 8 February 2017 11:43:27 UTC+1, Ha NN wrote: >>>>> >>>>> Hi, >>>>> >>>>> i am testing Graylog 2.2.0-rc.1 with a gelf udp input plugin. I send >>>>> logs with rsyslog into it. I created some grok pattern extractors mostly >>>>> those ones ID=%{DATA:id} >>>>> >>>>> Once created and you want to edit them it takes a very long time to >>>>> load the edit page and it seems graylog stops to process messages as you >>>>> will see the messages in/out counter at the top goes down to 0. >>>>> >>>>> I also noticed that for some messages the extractors does not apply >>>>> but they should. >>>>> >>>>> I have a one node setup. I use multiple indicies for different streams >>>>> (what a great feature!!!) >>>>> >>>>> You will find following in the log: >>>>> >>>>> 2017-02-08T11:11:59.376+01:00 WARN [NodePingThread] Did not find meta >>>>> info of this node. Re-registering. >>>>> 2017-02-08T11:12:02.265+01:00 INFO [jvm] >>>>> [graylog-192b57c1-d456-4817-acff-d460547e7775] [gc][young][172980][17325] >>>>> duration [725ms], collections [1]/[2.8s], total [725ms]/[7m], memory >>>>> [1.7gb]->[1.1gb]/[3.8gb], all_pools {[young] >>>>> [853.1mb]->[204mb]/[1.6gb]}{[survivor] >>>>> [13.7mb]->[42.2mb]/[204.7mb]}{[old] >>>>> [943.2mb]->[943.7mb]/[2gb]} >>>>> 2017-02-08T11:14:27.066+01:00 INFO [ExtractorsResource] Updated >>>>> extractor <7e13da31-ed47-11e6-a18b-b083fec76da6> of type [grok] in input >>>>> <58949a5f6c6c8c6b200a1b3b>. >>>>> 2017-02-08T11:16:28.641+01:00 WARN [NodePingThread] Did not find meta >>>>> info of this node. Re-registering. >>>>> 2017-02-08T11:17:15.605+01:00 INFO [ExtractorsResource] Updated >>>>> extractor <3c954090-ea26-11e6-95c6-b083fec76da6> of type [grok] in input >>>>> <58949a5f6c6c8c6b200a1b3b>. >>>>> >>>>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/440b9e68-139e-4b0c-aea2-41f523c793e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
