Graylog Storage related


1. Describe your incident:

I have installed Graylog 5.0 and OpenSearch 2.9. Currently we have 5k EPS and a daily index size of 180 GB. Currently we are out of storage. I have done a lot of research related to storing the data and found that OpenSearch has a storage compression feature using zstd with dictionary. I am looking for a plugin but have had no luck. Please help me with the same.

2. Describe your environment:

  • OS Information: CentOS 7.7

  • Package Version: 5.0

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?

4. How can the community help?


As far as I know, this would need to be set via the index template in OpenSearch, which isn't supported with Graylog.

Thanks for your reply.

What is the best option available to store 1 year of data with compression?

Also, I have observed that ArcSight or other paid solutions provide a 10:1 compression level, so how can I achieve similar compression in Graylog?

Thanks.

The archive feature supports compression, but it is a paid/licensed feature only.
