Hi,
I tested graylog with the OVA Appliance and the Index is full now and instead of increasing it I thought that it would be better to install a new VM and install graylog manually. So, I have done this but it would be nice if I can migrate the data from the old test server to the new one?
I have about 20 GB data and I dont want to lose it.
Thank you in advance!
Best Regards
Andi
what data are you most concerned about? Just the configs, or are you wanting to back up all the data on the appliance?
No, the config is not important because I haven’t configured much things in the old system. Just 3 or 4 Inputs and as a test the VMware Plugin but it doesn’t work unfortunately 
There are about 20G data from the inputs and only this data I would like to migrate to the new server. I hope this is possible 
Maybe as a output from the old system to the new or just copy? I have no idea. I am totally new to graylog and elastic or something.
you need the configuration from your mongoDB to be able to read the data in elasticsearch.
The easiest option would be a copy of your mongoDB database, use that as starter for your new cluster and connect both elasticsearch nodes to each other that you can copy the data from the old to the new server.
This is not an easy task - as in elasticsearch the information who has access to what is stored together with your data. If the meta information change (cluster information, userid, streamid and more) you are not able to access the data again from within Graylog.
I am not sure if you can set up an OVM instance in a cluster, a quick search didn’t find anything for or against it. I would research creating a mongo replica set/ Elasticsearch cluster with a new Graylog front end… change who is master and once all is working you can drop out the OVA. This also would put you in a ready position for the future…
Thank you very much for your answers! Unfortunately I already installed the new server and switched IPs so that the syslogs are terminating on the new server.
So I can not start from scratch at this point. I am not sure if I am able to get the old data into the new server. 
The idea from tmacgbay sounds interesting but I don’t understand it completely. Do you have a detailed tutorial for this?
Maybe for you a background information: We don’t have a syslog system but had a really bad failure last week Because of this we need a logging system (we are trying greylog) for the logs. We are speaking about our VMware infrastructure.
As I said I am new to graylog but I give my very best to set up a system which will store all relevant logs for us.
Hello @augandi, welcome!
Sorry to hear about your misfortune. If you don’t have much/any experience with Graylog, MongoDB, or Elasticsearch then what you are asking to do is going to be a stretch. You need to get familiar with the technical architectures of all of the technologies so that you understand each of the components involved. The Graylog documentation is fantastic; I haven’t found anything that I need to know about Graylog not to be in there. There’s also a lot of Elasticsearch documentation over on the Elastic website. You’ll want to review that.
For creating a Mongo replica set and Elasticsearch cluster, literally the first search hits for me when I searched “how to create …” on a search engine were what you need, but without the context you won’t be able to follow very well.
Go check out the basic documentation for each of these technologies and let us know where we can fill in the gaps!
If your new graylog system is already receiving data you can’t cluster the old one per my suggestion (if someone stumbles across this here are the high level details on a multi-node setup: https://docs.graylog.org/en/4.0/pages/configuration/multinode_setup.html#configure-multinode)
Elastic has provisioning for copying data to a new elastic instance you can find easily with a google search …or … well … here: (https://www.elastic.co/guide/en/cloud/current/ec-migrate-data.html) but you may need to create the index with your new graylog server before you “re-index” the data over since Graylog needs to initiate/understand all indexes. All this is conjecture, I have not done it. One of the admin dudes might correct me. Its not a simple task as ttsandrew said and it will take some research.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
