Hi, I have questions about how many gb do you get the next positions of saved logs? and how does it affect your work?
second question where can I find these archives of saved logs in linux? where is the default path where you save it? and can these archives be manually copied and run in notepad na Windowsie?
After apparently 8 million entries. And you can find them in Elasticsearch - in other words, you can’t see them with a text editor. And no, you can’t “run” them in notepad…
As it goes in IT: it depends.
The words you are looking for are: “rotation policy” or “retention policy”.
Each Graylog index can be configured to have a specific policy for the retention of data and the rotation towards the next index. This can be based on the amount of time, or the amount of messages.
Based on your screenshot @benvanstaveren miscounted: your indices are rotate after 80 million entries; he missed a zero 
where can I find these archives of saved logs in linux?
As Ben pointed out: all logs are stored in the ElasticSearch database. Graylog does not store data in files on the file system. There’s a wonderfully complicated database backend that’s used for storing and querying the data.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
