Hi Wayne, On Friday, 21 October 2016 14:51:55 UTC+2, Wayne wrote: > > I only installed Graylog2 server, Elasticsearch, Mongodb based on the > lastest Graylog2 document. The daily logstash-yyyy.MM.dd was generated, but > I did not install Logstash. Is this normal? >
No, at least that index definitely hasn't been created or touched in any way by Graylog. As far as the option of re-indexing you mentionded, are you saying I can > use the ElasticSearch instance as input, and use log shipper such as > graylog collector sidecar to push the index to graylog server? My concern > is that would duplicate the data. In addition, can graylog collector > sidecar be log shipper in this scenario, or I need to install logstash to > do the job? > Yes, it would naturally duplicate the data and yes, you need Logstash (or any other program being able to read from Elasticsearch and send output to Graylog via GELF) for that. It's not possible to do this with the Graylog Collector Sidecar. Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/5ea2299f-5295-4c5f-9be2-412b5c0d5a73%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
