I have a question, because of parties my graylog disk is full, I just added some space. But I lost data because the disk was full. But luckily I had configured another syslog server to store the raw data from the Firewall. My question is how can I do to process those files that I have on the syslogB. I thought about using graylog sidecar using a filebeat on my windows machine and leave the files in a directory for it to process.
Seems like a reasonable way to do it… I would set up filebeat to pick up any files you drop into the directory, but create some short dummy files in a similar format so you can make sure it ingests properly and adjust if it doesn’t before you put the actual files in
