What does everyone do with their Graylog logs? How do you monitor them? Do you just ingest them back into Graylog itself?
You can do this, BUT you can also cause big issues doing this, you can create a loop where the error mesages create more errors etc.
Ideally feed them into a second cluster, maybe a small test cluster or something.
That’s why I was wondering what others did. 
I was concerned about creating a loop when I started using the DNS/rDNS data adapter but so far that doesn’t seem to be an issue.
I just look at some of the things on the system tab every few days. I could probably be more proactive, but ingesting the graylog syslog sounds like trouble to me.
My problem with just looking at the system tab is that I never see ingestion errors there. The only way I’ve been able to determine problems in my input, extractors, pipelines, etc has been to look at the Graylog logs on the console.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.