Hi all.
We have a 5G license for testing and as I have issue with the License violation I wonder what does graylog check in terms of logs allowance?
Is it the index amount on Elasticsearch or what?
Thanks heaps
Yes, that’s pretty much how the licensing works. Graylog keeps track of how much data is being indexed into Elasticsearch (not the total size of the indices), minus the overhead generated by using JSON on the Elasticsearch HTTP API.
You can see what Graylog considers as “traffic” on the System/Overview or System/Enterprise pages (they show identical information about traffic).
Specifically, as Jochen said, Graylog tracks the amount of bytes (for numeric fields) or characters (for strings) in fields of the messages written to Elasticsearch, so it includes fields that were created by extractors, lookup tables etc, but is ignoring internal system fields. Since this is done prior to writing out the elasticsearch protocol, this traffic does not include any JSON or protocol overhead.
Graylog does not care how much data is available for search and will not stop indexing data either, it is only the Enterprise features that will stop working after too many license violations.
Thanks guys. Appreciated.
I thought it would be the case.
Thanks again
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.