Is Elasticsearch Rollover Index compatible with Graylog

nico · August 7, 2019, 1:26pm

Hello,

We would like to reduce the number of shards our cluster has. We already changed our retention/rotation policy but the number is still too high.

We found the rollover index feature from Elasticsearch (https://www.elastic.co/guide/en/elasticsearch/reference/6.8/indices-rollover-index.html), and we would like to know if we could use it with Graylog and if you have knowledge about the two things working together. We are afraid that the alias used by Elasticsearch won’t work with Graylog.

Thanks for your help

jan · August 20, 2019, 9:59am

if you have configured your retention and rotation for the indices and also changed the number of shards per index Graylog will make the housekeeping of your new created indices and will take care that you only have the configured amount of indices.

New indices will take care of your new shard configuration, old indices will not be adjusted. I’m not sure what exactly your goal is with the rollover in elasticsearch. Maybe you can describe your idea behind that.

system · September 3, 2019, 9:59am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Question about changing Maximum Indices Graylog Central (peer support)	2	464	November 27, 2018
Graylog and Elasticsearch 6.7 Index Lifecycle Management Graylog Central (peer support)	3	2924	April 19, 2019
Stop creating Graylog Indices Graylog Central (peer support)	4	882	September 20, 2018
Index strange rotation and size differences Graylog Central (peer support) elastic	10	1502	September 7, 2022
Graylog Data Retention and Compress Graylog Central (peer support)	9	3094	November 1, 2022

Is Elasticsearch Rollover Index compatible with Graylog

Related topics