[graylog2] Re: Does Graylog server save a copy of the original log messages before indexing the message
Hi Wayne, On Thursday, 20 October 2016 16:43:46 UTC+2, Wayne wrote: > > Is there a way to convert them back to original text messages? > That depends on the type of input. But it's safe to assume that it's not possible. Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/f2fc602a-cca2-4209-b55d-fdf2800fc7d7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: Does Graylog server save a copy of the original log messages before indexing the message
Hi Jochen, Just want to explore a bit further. These messages are now in binary format, and it seems to be parsed already. Is there a way to convert them back to original text messages? or there is no way to convert it back to original text form? I am asking the question on behalf of one of my colleague who was thinking about retrieving information from the consolidated data (log messages from multiple source). Thanks, Wayne On Thursday, October 20, 2016 at 6:16:14 AM UTC-4, Jochen Schalanda wrote: > > Hi Wayne, > > On Wednesday, 19 October 2016 21:28:25 UTC+2, Wayne wrote: >> >> Let's say we send a query and search a couple of records, now we would >> like to retrieve the original text message. Does Graylog keep the original >> copy of the log message? >> > > No, it doesn't. > > > In addition, the disk based journal seems to keep some data, but not >> completely visible. Are those the copy of the messages? >> > > Basically yes. The disk journal contains the raw binary message received > by an input until a codec decodes the message and indexes it into > Elasticsearch. > > Cheers, > Jochen > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/e5e308d4-7fab-4952-9d19-859db6f4f1a7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: Does Graylog server save a copy of the original log messages before indexing the message
Hi Wayne, On Wednesday, 19 October 2016 21:28:25 UTC+2, Wayne wrote: > > Let's say we send a query and search a couple of records, now we would > like to retrieve the original text message. Does Graylog keep the original > copy of the log message? > No, it doesn't. In addition, the disk based journal seems to keep some data, but not > completely visible. Are those the copy of the messages? > Basically yes. The disk journal contains the raw binary message received by an input until a codec decodes the message and indexes it into Elasticsearch. Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/14df9496-d843-4a67-a0f5-9e597799b2cc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
