Good point. I saw that and thought this entry in syslog-ng.conf would address the health. It was already in there before I sent the msg.
skip-cluster-health-check("yes")
That entry seems to have no effect. I'll try setting it on the es side.
On Sep 8, 2016, at 8:49 AM, Fekete, Róbert <robert.fekete@balabit.com> wrote:
Or try to set skip-cluster-health-check(yes) option in your elasticsearch destination: https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-destination-elasticsearch2.html#elasticsearch2-option-elasticsearch2-skip-cluster-health-check
On Thu, Sep 8, 2016 at 2:40 PM, Fabien Wernli <wernli@in2p3.fr> wrote:
Hi Scot,
On Thu, Sep 08, 2016 at 07:32:19AM -0400, Scot Needy wrote:
[root@meo syslog-ng]# while true;do curl http://localhost:9200/_cat/indices;sleep 5;done
yellow open syslog-ng_2016.09.08 5 1 1 3 12.7kb 12.7kb
It may be that syslog-ng waits for the cluster to be green. The most common cause for that is that you configured elasticsearch for more replicas than your cluster topology can handle.
If you have only one node, make sure to reduce the number of replicas to 0 for every index [1]
Cheers
[1] https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-update-settings.html
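The replica advice in the thread above, as an added example that is not part of the original messages: it reads `_cat/indices` output, finds indices whose replica count cannot be allocated on the given number of data nodes, and prints the update-settings calls for review instead of running them. The function names, the second sample line and the nine-column layout without a header (as in the line quoted in the thread) are assumptions.

```shell
#!/bin/sh
# Constructed sample: the _cat/indices line from the thread plus a made-up green index.
# Assumed columns: health status index pri rep docs.count docs.deleted store.size pri.store.size
SAMPLE_CAT='yellow open syslog-ng_2016.09.08 5 1 1 3 12.7kb 12.7kb
green open example-green 1 0 10 0 4.2kb 4.2kb'

# unassignable_indices NODES
# Reads _cat/indices output on stdin and prints "index rep max" for every
# index that asks for more replicas than NODES data nodes can hold. A replica
# is never placed on the node holding its primary, so at most NODES-1 replicas
# can be assigned. Lines with fewer columns (closed indices) and index names
# outside a conservative character set are skipped.
unassignable_indices() {
    awk -v nodes="$1" '
        NF >= 5 && $3 ~ /^[A-Za-z0-9._+-]+$/ && $5 ~ /^[0-9]+$/ && $5 + 0 > nodes - 1 {
            print $3, $5, nodes - 1
        }'
}

# replica_fix_plan NODES [ES_URL]
# Prints one curl command per affected index that lowers number_of_replicas
# to the highest value the cluster can satisfy. Nothing is sent to the cluster.
replica_fix_plan() {
    es_url="${2:-http://localhost:9200}"
    unassignable_indices "$1" | while read -r index rep max; do
        printf "curl -XPUT '%s/%s/_settings' -H 'Content-Type: application/json' -d '{\"index\":{\"number_of_replicas\":%s}}'  # was %s\n" \
            "$es_url" "$index" "$max" "$rep"
    done
}

# Stand-alone run on the constructed sample, single-node cluster:
printf '%s\n' "$SAMPLE_CAT" | replica_fix_plan 1
```

Against a live node, pipe `curl -s http://localhost:9200/_cat/indices` into `replica_fix_plan 1` and run the printed commands once they look right.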