Or try to set the skip-cluster-health-check(yes) option in your elasticsearch destination: https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-o...

On Thu, Sep 8, 2016 at 2:40 PM, Fabien Wernli <wernli@in2p3.fr> wrote:
Hi Scot,
On Thu, Sep 08, 2016 at 07:32:19AM -0400, Scot Needy wrote:
[root@meo syslog-ng]# while true;do curl http://localhost:9200/_cat/indices;sleep 5;done
yellow open syslog-ng_2016.09.08 5 1 1 3 12.7kb 12.7kb
It may be that syslog-ng waits for the cluster to be green. The most common cause for that is that you configured elasticsearch for more replicas than your cluster topology can handle.
If you have only one node, make sure to reduce the number of replicas to 0 for every index [1].
Cheers
[1] https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-update-settings.html
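The replica check suggested in the thread, as an added example that is not part of the original messages: it reads `_cat/indices` output, reports every index whose replica count cannot be allocated on the given number of data nodes, and prints (without running) the update-settings request for each. It assumes the nine-column layout of the line quoted above (health, status, index, pri, rep, ...); the function names and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Assumed column order of _cat/indices, matching the line quoted in the thread:
#   health status index pri rep docs.count docs.deleted store.size pri.store.size

# over_replicated NODES
# Reads _cat/indices output on stdin. A replica is never placed on the same
# node as its primary, so at most NODES-1 replicas can be allocated; any
# index asking for more stays yellow. Prints: index health replicas max.
over_replicated() {
    awk -v nodes="$1" '
        # Closed indices have no numeric pri/rep columns and are skipped.
        NF >= 5 && $5 ~ /^[0-9]+$/ && $5 + 0 > nodes - 1 {
            max = nodes - 1
            if (max < 0) max = 0
            printf "%s %s %d %d\n", $3, $1, $5, max
        }'
}

# settings_body REPLICAS
# JSON body for the index update-settings API referenced as [1] in the thread.
settings_body() {
    printf '{"index":{"number_of_replicas":%d}}\n' "$1"
}

# Constructed sample: first line is the one from the thread, second is made up.
sample_indices() {
    cat <<'EOF'
yellow open syslog-ng_2016.09.08 5 1 1 3 12.7kb 12.7kb
green open syslog-ng_2016.09.07 5 0 10 0 40.1kb 40.1kb
EOF
}

# Dry run for a single-node cluster: print the requests, do not send them.
# Against a live node, replace sample_indices with:
#   curl -s http://localhost:9200/_cat/indices
sample_indices | over_replicated 1 | while read -r index health rep max; do
    echo "# $index is $health: $rep replica(s) requested, $max allocatable"
    echo "curl -XPUT 'http://localhost:9200/$index/_settings' -d '$(settings_body "$max")'"
done
```

Lowering replicas only affects existing indices; a daily index such as `syslog-ng_2016.09.08` is recreated with the default replica count unless the default is changed as well.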