First of all some information about my Graylog server:
-MongoDB version: 4.2.3-1.el8
-Elasticsearch version: 6.8.6-1
-Graylog version: 3.2.2-1
They are all on the same VM with Linux CentOS 8.
Now to my question:
Is there a way / option to only check for new logs every 5 minutes, like something you can set in the config?
Or is the option in the Web Interface where you can choose between 1s and 5m exactly that?
If so, is there a way to set it global?
Not too sure what you mean by “check for new logs”.
You can set your search to automatically refresh using that drop-down with the time intervals.
I´ll try to clarify my question.
Like how often does graylog / sidecar check if there are new logs available?
I mean is there like a certain time interval that can be changed or is collecting live, like as soon as there are new logs they are collected?
he @jschulze
I guess you refer to the refresh time setting of the indices of Graylog? Or did you refer to the sidecar starting a filebeat to collect messages?
Maybe you can be a little more clear on this.
thx
If I understood this correctly, you can set “Field typ refresh interval” under System/Indices to like 5m (300s). This way Graylog will pull the logs in intervals of 5m. The graylog sidecar will still collect every log as soon as they are created.
Is that how it works?
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
