<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Good point. I saw that and thought this entry in syslog-ng.conf would address the health. It was already in there before I sent the msg. <div class=""><br class=""></div><div class=""> <span class="Apple-tab-span" style="white-space:pre"> </span>skip-cluster-health-check("yes”)</div><div class=""><br class=""></div><div class="">That entry seems to have no effect. I’ll try setting it on the es side. </div><div class=""><br class=""></div><div class=""><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Sep 8, 2016, at 8:49 AM, Fekete, Róbert <<a href="mailto:robert.fekete@balabit.com" class="">robert.fekete@balabit.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Or try to set skip-cluster-health-check(yes) option in your elasticsearch destination: <div class=""><a href="https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-destination-elasticsearch2.html#elasticsearch2-option-elasticsearch2-skip-cluster-health-check" class="">https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-destination-elasticsearch2.html#elasticsearch2-option-elasticsearch2-skip-cluster-health-check</a><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Thu, Sep 8, 2016 at 2:40 PM, Fabien Wernli <span dir="ltr" class=""><<a href="mailto:wernli@in2p3.fr" target="_blank" class="">wernli@in2p3.fr</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Scot,<br class="">
<span class=""><br class="">
On Thu, Sep 08, 2016 at 07:32:19AM -0400, Scot Needy wrote:<br class="">
> [root@meo syslog-ng]# while true;do curl <a href="http://localhost:9200/_cat/indices;sleep" rel="noreferrer" target="_blank" class="">http://localhost:9200/_cat/<wbr class="">indices;sleep</a> 5;done<br class="">
</span><span class="">> yellow open syslog-ng_2016.09.08 5 1 1 3 12.7kb 12.7kb<br class="">
<br class="">
</span>It may be that syslog-ng waits for the cluster to be green.<br class="">
The most common cause for that is that you configured elasticsearch for too<br class="">
many replicas that your cluster topology can handle.<br class="">
<br class="">
If you have only one node, make sure to reduce the number of replicas to 0<br class="">
for every index [1]<br class="">
<br class="">
Cheers<br class="">
<br class="">
[1]<br class="">
<a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-update-settings.html" rel="noreferrer" target="_blank" class="">https://www.elastic.co/guide/<wbr class="">en/elasticsearch/reference/<wbr class="">current/indices-update-<wbr class="">settings.html</a><br class="">
<br class="">
______________________________<wbr class="">______________________________<wbr class="">__________________<br class="">
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank" class="">https://lists.balabit.hu/<wbr class="">mailman/listinfo/syslog-ng</a><br class="">
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank" class="">http://www.balabit.com/<wbr class="">support/documentation/?<wbr class="">product=syslog-ng</a><br class="">
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank" class="">http://www.balabit.com/wiki/<wbr class="">syslog-ng-faq</a><br class="">
<br class="">
<br class="">
</blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></div></div></body></html>