Hi again,
I configured the log rotation to one year in the Graylog web interface, but I'm not sure of my configuration. I did that:
Is there another thing to do, maybe in Elasticsearch?
No, all you have to do is configure the rotation and retention strategy of your Graylog node.
http://docs.graylog.org/en/2.4/pages/configuration/index_model.html#index-set-configuration
Your configuration seems a bit odd. Given your settings, Graylog would rotate indices every 366 days (which is awfully long) and keep 20000000 indices (which is also an awful lot), so that you would have 20,000,000 years' worth of log data.
Hint: Maybe you want to rotate indices every day or week and keep a bit fewer indices.
Re, Thanks for the answer
According to the law, I must be able to show 1 year old logs.
I planned 200 GB to store all those logs.
Yes, 20 000 000 ^^ is too long, so I changed it to 2.
This also would be possible with weekly rotated indices by keeping 53 indices.