[syslog-ng] Help! CentOS 7 ELK Stack from repos no index data.
Scot Needy
scotrn at gmail.com
Thu Sep 8 15:11:55 CEST 2016
Good point. I saw that and thought this entry in syslog-ng.conf would address the health. It was already in there before I sent the msg.
skip-cluster-health-check("yes”)
That entry seems to have no effect. I’ll try setting it on the es side.
> On Sep 8, 2016, at 8:49 AM, Fekete, Róbert <robert.fekete at balabit.com> wrote:
>
> Or try to set skip-cluster-health-check(yes) option in your elasticsearch destination:
> https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-destination-elasticsearch2.html#elasticsearch2-option-elasticsearch2-skip-cluster-health-check <https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-destination-elasticsearch2.html#elasticsearch2-option-elasticsearch2-skip-cluster-health-check>
>
>
>
> On Thu, Sep 8, 2016 at 2:40 PM, Fabien Wernli <wernli at in2p3.fr <mailto:wernli at in2p3.fr>> wrote:
> Hi Scot,
>
> On Thu, Sep 08, 2016 at 07:32:19AM -0400, Scot Needy wrote:
> > [root at meo syslog-ng]# while true;do curl http://localhost:9200/_cat/indices;sleep <http://localhost:9200/_cat/indices;sleep> 5;done
> > yellow open syslog-ng_2016.09.08 5 1 1 3 12.7kb 12.7kb
>
> It may be that syslog-ng waits for the cluster to be green.
> The most common cause for that is that you configured elasticsearch for too
> many replicas that your cluster topology can handle.
>
> If you have only one node, make sure to reduce the number of replicas to 0
> for every index [1]
>
> Cheers
>
> [1]
> https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-update-settings.html <https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-update-settings.html>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://lists.balabit.hu/mailman/listinfo/syslog-ng>
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <http://www.balabit.com/support/documentation/?product=syslog-ng>
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <http://www.balabit.com/wiki/syslog-ng-faq>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160908/c6a83568/attachment.htm
More information about the syslog-ng
mailing list