Dashboard retention > source logs retention

Hi,

I want to use a log aggregation system to gather a lot of logs, and then build dashboards on them (metrics mainly, e.g. num 4XX errors, num 5XX errors).

I don’t want the retention on the source raw logs to be long (maybe 5 days), but i want a historic database of the values of these metrics (e.g. num 4XX errors graphed for last 6 months).

Is this possible? any pointers will be useful.

Thanks

You can create two index sets: one for the raw data and one for calculated metrics. Then set different retention settings for them.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.