I have one very specific question: is there any way to send logs to another Graylog server with a delay?
My problem is that I need to send logs from 4 different locations and there is a slow Internet connection between them (10 Mbit). If the users are working through the day, it could kill the Internet connection.
Is there an option to send logs, for example, only at night?
Thank you for any help!
Haven’t tried it, but you could try the remote reindex API in Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docs-reindex.html#reindex-from-remote. Run it from a curl command started as a cron job. You could use a separate index set for the remote indices, and use that as the dest parameter. After the transfer, recalculate index ranges for the new indices in the destination, and Graylog will find them when you make searches.
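A sketch of the cron-driven pull suggested in the answer above, added here as an example and not part of the original post. The host names, the `site1_` prefix, the rate value, the script path and the `--pull` switch are assumptions; the destination cluster must list the remote host in `reindex.remote.whitelist`.

```shell
#!/bin/sh
# Added example: pull one index from a remote site with reindex-from-remote.
# Hosts, prefix and rate are placeholders (assumptions), overridable via env.
REMOTE_ES="${REMOTE_ES:-https://site1-es.example.internal:9200}"  # source cluster
LOCAL_ES="${LOCAL_ES:-http://127.0.0.1:9200}"                     # destination cluster
DEST_PREFIX="${DEST_PREFIX:-site1_}"  # prefix of the separate index set
RATE="${RATE:-500}"                   # documents per second, to spare the slow link

# Accept only plain index names so nothing can break out of the JSON body.
valid_index() {
  case "$1" in
    ''|*[!a-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the _reindex request body for one source index.
reindex_body() {
  valid_index "$1" || return 1
  printf '{"source":{"remote":{"host":"%s"},"index":"%s"},"dest":{"index":"%s%s"}}\n' \
    "$REMOTE_ES" "$1" "$DEST_PREFIX" "$1"
}

# Send the request to the destination cluster. The body goes in on stdin,
# so it never shows up in the process list.
pull_index() {
  body=$(reindex_body "$1") || { echo "bad index name: $1" >&2; return 1; }
  printf '%s' "$body" | curl -sS --fail -X POST \
    -H 'Content-Type: application/json' --data-binary @- \
    "$LOCAL_ES/_reindex?requests_per_second=$RATE&wait_for_completion=false"
}

# Hypothetical crontab line, 01:00 every night:
#   0 1 * * * /usr/local/bin/pull-index.sh --pull graylog_12
# Afterwards, recalculate index ranges in Graylog for the destination index set.
if [ "${1:-}" = "--pull" ] && [ -n "${2:-}" ]; then
  pull_index "$2"
fi
```

`requests_per_second` throttles the copy and `wait_for_completion=false` returns a task id instead of holding the HTTP connection open for the whole transfer.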
Thanks for your answer, I will try it. I have another question: how can I send NetFlow logs from one server to another server (I think in real time, not with a delay)?
I tried it with the GELF UDP output, but the second Graylog server receives nothing.
Thanks for any help!