Graylog log store location

Can anyone tell me where Graylog stores the logs of a client based on rsyslog in CentOS?

All log messages ingested by Graylog are indexed (and thus stored) in Elasticsearch.

Can it be this (/var/log/elasticsearch/)?

If I stop the Elasticsearch service, will I be able to see the logs or not, and how can I restore the logs?

Elasticsearch is a database, and by default it compresses the logs and may store them in shards, so you can’t read the logs.
Here is the official Backup and restore Doc.

If you make a snapshot, you also won’t see the logs. It is not an export tool/solution.

You might want to take a look at the Graylog Enterprise Archiving plugin:

Can anyone explain this to me?

What exactly do you want to know?

Indices, documents, and size concepts.
How much size will it take, and all the values which are there?

Shards and Replicas are terms from Elasticsearch, see for details.
The number of documents, indices, and the size on disk should be pretty self-explanatory.

Also make sure to read for details about how Graylog is using Elasticsearch and what the concept of index sets means.

Can you tell approximately how much size the logs of 15 to 20 Linux and Windows servers require on the Graylog server?

No, a generic answer for that is not possible.

How can I set up a dashboard with only level 0 & 1, and have it send a mail on the basis of 0 & 1 and alert on that basis?

Can anyone tell me how to set up Graylog with Logstash and Elasticsearch, i.e. (elg), or share any docs related to it?

Please don’t hijack old topics.

You can find step-by-step installation guides in the official Graylog documentation: