Hi Wayne, On Thursday, 20 October 2016 18:13:21 UTC+2, Wayne wrote: > > That probably requires setup of additional Graylog server plus installing > logstach as log shipper? >
No, you can read from the same Elasticsearch cluster and write into the same Graylog instance. I can see two types of indexes in /var/lib/elasticsearch/graylog/nodes > > (1) graylog_x > > (2) logstash-yyyy.MM.dd > > What is the relationship between between these two types of indexes, and > if the configuration is set up to delete old indexes, which indexes will be > deleted? > The first one, graylog_*, is managed by Graylog, the latter is being created and written into by logstash (depending on the configuration). Graylog doesn't have to do anything with the latter one and can't read from it. Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/8f9ac4e3-e92c-4b6c-8f0c-d33635a0f51f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
