On Sep 8, 2016, at 8:49 AM, Fekete, Róbert <robert.fekete@balabit.com> wrote:

Or try to set skip-cluster-health-check(yes) option in your elasticsearch destination: 

https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-destination-elasticsearch2.html#elasticsearch2-option-elasticsearch2-skip-cluster-health-check

On Thu, Sep 8, 2016 at 2:40 PM, Fabien Wernli <wernli@in2p3.fr> wrote:

Hi Scot,

On Thu, Sep 08, 2016 at 07:32:19AM -0400, Scot Needy wrote:
> [root@meo syslog-ng]# while true;do curl http://localhost:9200/_cat/indices;sleep 5;done
> yellow open syslog-ng_2016.09.08 5 1 1 3 12.7kb 12.7kb

It may be that syslog-ng waits for the cluster to be green.
The most common cause for that is that you configured elasticsearch for too
many replicas that your cluster topology can handle.

If you have only one node, make sure to reduce the number of replicas to 0
for every index [1]

Cheers

[1]
https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-update-settings.html

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq