I was wondering if it’s possible to maintain metadata from the logs, like usage statistics, while discarding the informational logs we no longer need. We have some devices that are very verbose, like our firewall logging every single connection, permitted or denied, which results in significantly more logs than we care to keep, but we would still like to have the metadata gleaned from the logs.
Am I missing something in Graylog or is there maybe an add-on?
Thank you, everyone, for entertaining my ignorance.
You might want to have multiple indices, extracting important information into a new event and keeping the original message only for a few days, but the newly created messages for as long as you want to have them.
Yes, I think that makes sense. Is there a way to generate log data based on the current stats in Graylog? For example, if we have certain statistics in our dashboard or custom search, could we periodically log that with built-in facilities in Graylog? Or would we be required to use some external resources (such as a script that pulls the data via REST API and then re-logs it back to Graylog into another index)?
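The roll-up approach discussed in this thread, as an added example that is not part of any poster's message: it condenses verbose firewall connection lines into a single GELF 1.1 summary event that could be sent to a GELF input and routed to a separate, longer-retention index. The log line format, the `fw01` host name and the `_`-prefixed field names are assumptions made for illustration.

```python
import json
import re
from collections import Counter

# Constructed sample firewall lines (the format is an assumption, not from the thread).
SAMPLE_LINES = [
    "2024-05-01T10:00:01Z fw01 action=permit src=10.0.0.5 dst=93.184.216.34 dport=443 bytes=1200",
    "2024-05-01T10:00:02Z fw01 action=deny src=10.0.0.9 dst=198.51.100.7 dport=23 bytes=0",
    "2024-05-01T10:00:03Z fw01 action=permit src=10.0.0.5 dst=93.184.216.34 dport=443 bytes=800",
    "2024-05-01T10:00:04Z fw01 action=deny src=10.0.0.9 dst=198.51.100.7 dport=23 bytes=0",
    "2024-05-01T10:00:05Z fw01 garbled line without fields",
]

KV = re.compile(r"(\w+)=(\S+)")


def summarize(lines, window_start_epoch, host="fw01"):
    """Roll verbose connection logs up into one GELF 1.1 summary message."""
    actions, denied_src = Counter(), Counter()
    total_bytes = skipped = 0
    for line in lines:
        fields = dict(KV.findall(line))
        if "action" not in fields or "src" not in fields:
            skipped += 1  # count unparsable lines so gaps stay visible in the summary
            continue
        actions[fields["action"]] += 1
        raw_bytes = fields.get("bytes", "0")
        total_bytes += int(raw_bytes) if raw_bytes.isdigit() else 0
        if fields["action"] == "deny":
            denied_src[fields["src"]] += 1
    top = denied_src.most_common(1)
    return {
        "version": "1.1",                    # mandatory GELF fields
        "host": host,
        "short_message": "firewall connection summary",
        "timestamp": window_start_epoch,
        "level": 6,                          # syslog "informational"
        "_summary_type": "fw_rollup",        # hypothetical field to match in a stream rule
        "_permit_count": actions["permit"],
        "_deny_count": actions["deny"],
        "_total_bytes": total_bytes,
        "_top_denied_src": top[0][0] if top else "",
        "_unparsed_lines": skipped,
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LINES, 1714557600)))
```
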