Support Questions
Find answers, ask questions, and share your expertise

Squid data indexed to elasticsearch only when metron services restarted

Explorer

I have a running HCP 1.9.1 with standalone squid as sample demo log,

If I trigger new log: squidclient -h 127.0.0.1 "http://www.atmape.ru"

I don't see it right away in Kibana, but if I restart metron services in Ambari, I see it gets indexed,


See below the new one is squid_index_2019.05.09.21 after metron restart in progress..

108593-2019-05-09-221157.png


perhaps it is a default behavior to buffer it and delay the indexing process?

Where can I find this settings?


I thought it should be coming in right away?


But I'm more suspicious that I'm missing something here...

thanks for the help!