Hello,
I would like to delete logs in Graylog server. Because for the moment I collect many messages put I didn’t use them because it’s for test. So, I would like to delete them to avoid unnecessary loading of the hard disk before putting into production.
How long the logs are kept by default.
Thanks
please check your index configuration over at ‘System > indices’ that will reveal your local settings. In addition you are able to change them.
thanks
I’ve already see the system>indices part, but we don’t have duration. For example, stock the logs 1 week
You could also manually delete all indices you don’t want to keep anymore on the System/Indices page and sub-pages.
yes but, it’s possible to store the logs for one week, or one year ?
Yes, you can configure this in the rotation and retention strategy for each index set.
http://docs.graylog.org/en/2.4/pages/configuration/index_model.html
thanks, I have found the parameter for stock the log for a year.
But, don’t understand the role of the index set, because it’s possible to create many index and we don’t choose the strategy for logs
The relation between index sets, indices, and messages is explained in the documentation chapter I’ve linked to.
yes, but it’s not clear. Because, we can’t choose a particular messages in indices.
Graylog doesn’t support deleting individual messages. The smallest unit is an index.
yes, but I don’t understand the difference between the different indices, because we don’t have need to choose a source
What exactly don’t you understand? Please elaborate.
I don’t understand the operation between the differents input and the differents indices. And I don’t know what is the interest to create many indices
thanks
All messages received by Graylog are initially routed into the “All messages” stream, which is backed by the default index set.
If you want to keep messages for a different period of time, if they have different schemas (index mappings), or if you want to filter out some messages and only allow access to a subset, you might want to route them into different streams which are backed by different index sets (with unique rotation and retention settings).
thanks for information
It’s possible to see the messages presents in the indices and index. Because, it’s write the number of documents and the size, but no the messages.
Thanks
just search normally, but add an extra search term:
_index:graylog_XXX
(replace XXX with the index number you want to search from)
ok thanks for informations
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
