Message rotation and compression

rvenne · March 10, 2017, 8:55am

Hi, I plan to keep 7 day logs, but gray server seams to keep more then 10 days log. So I reduced to 3 days and I can always see all logs.
elasticsearch_max_number_of_indices = 3
rotation_strategy = time
retention_strategy = delete
elasticsearch_max_time_per_index = 1d

is there something wrong with those config lines?
and, can I activate elasticsearch compression? is that supposed to make bug graylog server?

jtkarvo · March 10, 2017, 10:04am

hi

Change the retention times from the UI:

System/Indices
then Edit, and you’ll see the correct place to change the settings.

rvenne · March 10, 2017, 10:16am

ok. I didn’t make search in a most common place. thanks for you answer. It was set to keep 20 indices and to rotate by indice size. Is there some schedule queue to delete useless indice?

rvenne · March 10, 2017, 10:28am

You may ignore my question: graylog is deleting unless log and I’m getting more disk space.

Topic		Replies	Views
Indices, rotation, disk space Graylog Central (peer support)	10	8447	March 21, 2019
Log Retention Strategy Graylog Central (peer support)	5	1854	March 5, 2020
Elasticsearch Retention Period Graylog Central (peer support)	5	3177	June 30, 2017
Graylog Indices with problem Graylog Central (peer support)	2	898	March 4, 2022
Index strange rotation and size differences Graylog Central (peer support) elastic	10	1390	September 7, 2022

Message rotation and compression

Related topics