Graylog elasticsearch indices


I have a question related to saving the log. I have a cluster of three Graylog nodes. All the data logs of my customers are collected in one database. Is it possible to segregate the data for every customer to store it in different/multiple databases?


You can use streams backed by different index sets to store the messages in different indices, e.g. one index set per customer.

Thanks for the quick response. I know that I can separate it with indexes, but all the customers' data is stored in the same database location. What I wanted to have is:

Have two customers (A and B). I want the logs of customer A to be stored in database A and the data logs of customer B to be stored in database B. Both databases aren't linked together.

Can I save/store the indices to another location separately?

You can currently only use one Elasticsearch cluster with Graylog.

This being said, you could probably build something with shard allocation filtering, so that all indices of a specific index set (customer) are stored on a pre-defined set of Elasticsearch nodes. If you do this right, each set of Elasticsearch nodes will only contain data of a specific index set (customer), but you’ll lose some flexibility.

Other than that, it might be easier to set up multiple Graylog and Elasticsearch clusters, e.g. one per customer.
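
A sketch of the shard allocation filtering idea from the reply above, added here as an example and not taken from the thread or from Graylog: it builds a per-index-set template body that sets `index.routing.allocation.require.<attr>`, then audits rows in the shape returned by `GET _cat/shards?format=json` and `GET _cat/nodeattrs?format=json` for customer shards sitting on nodes tagged for someone else. The attribute name `customer`, the index prefixes `custa`/`custb`, the node names and the sample rows are assumptions constructed for illustration, and the template uses the legacy `_template` format with `index_patterns`.

```python
import re

# Assumed custom node attribute, set per node as `node.attr.customer: a` in elasticsearch.yml.
ATTR = "customer"

def allocation_template(prefix, customer):
    """Template body pinning all indices of one Graylog index set (prefix_N) to tagged nodes."""
    return {
        "index_patterns": [f"{prefix}_*"],
        "settings": {f"index.routing.allocation.require.{ATTR}": customer},
    }

def find_violations(shards, nodeattrs, prefix_to_customer):
    """Return (index, shard, node) for every assigned customer shard on a wrongly tagged node."""
    tag = {r["node"]: r["value"] for r in nodeattrs if r["attr"] == ATTR}
    owners = [(re.compile(rf"^{re.escape(p)}_\d+$"), c)
              for p, c in prefix_to_customer.items()]
    violations = []
    for s in shards:
        node = s.get("node")
        if node is None:          # UNASSIGNED shard: nothing stored anywhere yet
            continue
        owner = next((c for rx, c in owners if rx.match(s["index"])), None)
        if owner is None:         # not one of the customer index sets
            continue
        if tag.get(node) != owner:  # untagged node or another customer's node
            violations.append((s["index"], s["shard"], node))
    return violations

# Constructed sample rows (not real cluster output).
SAMPLE_NODEATTRS = [
    {"node": "es-a1", "attr": "customer", "value": "a"},
    {"node": "es-b1", "attr": "customer", "value": "b"},
    {"node": "es-a1", "attr": "xpack.installed", "value": "true"},
]
SAMPLE_SHARDS = [
    {"index": "custa_0", "shard": "0", "prirep": "p", "state": "STARTED", "node": "es-a1"},
    {"index": "custb_0", "shard": "0", "prirep": "p", "state": "STARTED", "node": "es-b1"},
    {"index": "custb_1", "shard": "0", "prirep": "r", "state": "STARTED", "node": "es-a1"},
    {"index": "custa_1", "shard": "0", "prirep": "r", "state": "UNASSIGNED", "node": None},
]

if __name__ == "__main__":
    print(allocation_template("custa", "a"))
    for v in find_violations(SAMPLE_SHARDS, SAMPLE_NODEATTRS, {"custa": "a", "custb": "b"}):
        print("misplaced shard:", v)
```

Indices created before the template exists do not pick up the setting, so an audit like this is worth running after any index set or node change.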
