Hi Hema, if you're modifying the Elasticsearch indices Graylog externally, you'll have to recalculate the index ranges (System -> Indices -> Maintenance -> Recalculate index ranges).
Cheers, Jochen On Tuesday, 7 April 2015 13:51:28 UTC+2, Hema Kumar wrote: > > Hi Jochen, > If i build a shell script using the API and move the closed indice > files to different location, would a elasticsearch restart is required in > order to refresh itself and the graylog? > > Based on your suggestion, my plan is to grep for closed indices using API > and zip/move all the indices to a different location. > Would this help or should i just copy the file to a different location and > delete the source with the help of curator. > > Any ideas to include log rotation policy roles into elastic search in the > future release. > > Thanks, > Hema > > > On Friday, April 3, 2015 at 3:23:35 PM UTC+5:30, Jochen Schalanda wrote: >> >> Hi Hema, >> >> multi-tiered data retention is currently not supported by Graylog. You >> could probably build something yourself quite quickly using the >> Elasticsearch API directly (e. g. check which indices are already closed >> and then create a snapshot of them). Maybe you could even use Curator ( >> http://www.elastic.co/guide/en/elasticsearch/client/curator/current/about.html) >> >> for that. >> >> Cheers, >> Jochen >> >> On Friday, 3 April 2015 01:35:00 UTC+2, Hema Kumar wrote: >>> >>> Hi, >>> Is there a way to do a log Rotation >>> >>> - My policy is to hold 60 days of indices which was done in the configs, >>> the logs more than 60 days are closed. >>> - The second thing is after 60 days the closed indices should be moved >>> to different drive and should hold it for 120 days but should still be >>> available in graylog for easier access to open and search for it. >>> - The third is after 120 days the logs can be archived using a zip >>> utility and stored in different drive or deleted. >>> >>> * Numbers are just reference. What i am trying to ask is, would graylog >>> be setting such log rotation policy instead of external tools. >>> >>> Really like the tool that is being developed. Thanks Much. >>> >>> Regards, >>> Hema. >>> >> -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
