[graylog2] Re: Log Rotation
Hi Jochen,

That worked great; I archived the data using the copy with no downtime. Thanks much for your help.

I tried to copy back the data and changed the ownership to elasticsearch, but the index was not shown in Elasticsearch yet. I tried to refresh the whole index, but no luck. I closed one of the open indices, which was closed successfully, and the backed-up index that I copied was also shown. I then recalculated the index in Graylog to show the index.

Is there any other function/operation that can help me to show the index in Elasticsearch after it is copied back? Am I missing something?

Regards,
Hema.

On Wednesday, April 8, 2015 at 2:37:53 PM UTC+5:30, Jochen Schalanda wrote:

> Hi Hema,
>
> if you're modifying the Elasticsearch indices Graylog externally, you'll have to recalculate the index ranges (System - Indices - Maintenance - Recalculate index ranges).
>
> Cheers,
> Jochen
>
> On Tuesday, 7 April 2015 13:51:28 UTC+2, Hema Kumar wrote:
>
>> Hi Jochen,
>>
>> If I build a shell script using the API and move the closed index files to a different location, would an Elasticsearch restart be required in order to refresh itself and Graylog?
>>
>> Based on your suggestion, my plan is to grep for closed indices using the API and zip/move all the indices to a different location. Would this help, or should I just copy the files to a different location and delete the source with the help of Curator?
>>
>> Any ideas to include log rotation policy roles in Elasticsearch in a future release?
>>
>> Thanks,
>> Hema
>>
>> On Friday, April 3, 2015 at 3:23:35 PM UTC+5:30, Jochen Schalanda wrote:
>>
>>> Hi Hema,
>>>
>>> multi-tiered data retention is currently not supported by Graylog. You could probably build something yourself quite quickly using the Elasticsearch API directly (e.g. check which indices are already closed and then create a snapshot of them). Maybe you could even use Curator (http://www.elastic.co/guide/en/elasticsearch/client/curator/current/about.html) for that.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Friday, 3 April 2015 01:35:00 UTC+2, Hema Kumar wrote:
>>>
>>>> Hi,
>>>>
>>>> Is there a way to do log rotation?
>>>>
>>>> - My policy is to hold 60 days of indices, which was done in the configs; the logs older than 60 days are closed.
>>>> - The second thing is that after 60 days the closed indices should be moved to a different drive and held for 120 days, but should still be available in Graylog for easier access to open and search them.
>>>> - The third is that after 120 days the logs can be archived using a zip utility and stored on a different drive or deleted.
>>>>
>>>> * Numbers are just a reference.
>>>>
>>>> What I am trying to ask is, would Graylog be setting such a log rotation policy instead of external tools?
>>>>
>>>> Really like the tool that is being developed. Thanks much.
>>>>
>>>> Regards,
>>>> Hema.

--
You received this message because you are subscribed to the Google Groups graylog2 group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
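The copy-then-delete step discussed in this thread, written out as an added example that is not part of the original messages or of Graylog or Elasticsearch: it moves one index directory to an archive location and deletes the source only after every file in the copy hashes identically. The function names, the directory layout and the `close` state string handed in by the caller are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verified move of one closed index directory.
# Assumptions: the caller passes the index state it obtained from
# Elasticsearch and the on-disk directory of that index.

# Print a sorted "hash  ./relative/path" manifest for every file under $1.
manifest() {
  ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k2 )
}

# archive_index <state> <index_dir> <archive_root>
archive_index() {
  local state="$1" src="$2" dest_root="$3"
  local name dest
  name=$(basename "$src")
  dest="$dest_root/$name"

  # Without a hashing tool both manifests would be empty and compare equal.
  command -v sha256sum >/dev/null 2>&1 || { echo "sha256sum missing" >&2; return 6; }

  # Only touch indices that Elasticsearch no longer has open.
  if [ "$state" != "close" ]; then
    echo "skip $name: state is '$state', not 'close'" >&2
    return 2
  fi
  # Never overwrite an earlier archive of the same index.
  if [ -e "$dest" ]; then
    echo "skip $name: $dest already exists" >&2
    return 3
  fi
  mkdir -p "$dest_root" && cp -a "$src" "$dest" || return 4

  # Delete the source only when the copy matches file for file.
  if [ "$(manifest "$src")" != "$(manifest "$dest")" ]; then
    echo "verify failed for $name: source kept, inspect $dest" >&2
    return 5
  fi
  rm -rf -- "$src"
  echo "archived $name -> $dest"
}

# Run directly as: script.sh <state> <index_dir> <archive_root>
if [ $# -eq 3 ]; then
  archive_index "$@"
fi
```

As Jochen notes in the thread, index files changed outside Graylog require recalculating the index ranges afterwards (System - Indices - Maintenance - Recalculate index ranges).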