Hi,
I’m confused , I was to run successfully the Graylog. I’m confused regarding the retention period. I want to retain 3months log of data in Graylog Server. What max number of indices mean? indices means per day? should I set the max number of indices to 90 because I need to retain 3 months of data?
you can set as you want.
1 month retention period, and max 3 pcs.
or
1 week, max 13
or
1 day, max 90
or…
If you set monthly you will have 4 months data before retention, but you will have less indices.
If you set daily, you will have only 91 days data max, but many little indices
(more indices need more memory in elasticseach. They suggest 20-40GB shard size.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
