4/21/2023 0 Comments Graylog convert mac addressThe most important setting in your Elasticsearch configuration is to set network.host to your network IP address so that it can be reached from your Graylog node. The first should be set to the IP address of your Elasticsearch node and the last to the IP of your Graylog node that can be reached by the Elasticsearch node. ADDING ELASTICSEARCH NODESįor adding to Elasticsearch, you will only need to adjust elasticsearch_discovery_zen_ping_unicast_hosts and elasticsearch_network_host in your Graylog `nf`. For our environment, we set output_batch_size to 5000 and outputbuffer_processors to 3 with a 31 GB heap memory for the Elasticsearch node. The settings for output batch size and output buffer processors will vary depending on your environment. Next, in your Graylog `nf`, you can increase output_batch_size and adjust outputbuffer_processors to allow larger batches to be sent over fewer processors. By setting refresh_interval to 30 seconds in your Elasticsearch configuration, you can increase your Elasticsearch performance by up to 70%. There are additional settings that can also be tuned. This will allow the Java Process to use more of the available resources. Start by raising the java heap size of Elasticsearch and the java heap size of Graylog. EXTENDING CURRENT SETUPīefore adding another server, you might try to get the max out of your current resources. In addition, we’ll point out useful tips along the way. For those that are new Graylog users, this guide will also help with your initial setup of a Graylog cluster. This will be useful for those who have followed our single server setup guide and are now noticing an increase in incoming data and need additional servers. In our second Back to Basics post, we’ll walk through the process of scaling your environment from one Graylog server to a Graylog cluster.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |