As I’m testing and learning Graylog, I’ve created a Content Pack in order to not lose my streams, pipelines, etc. But there doesn’t seem to be a way to include indices in the content pack. Which means that when I upload the content pack to a clean server that everything ends up in the default index.
Is there a better/easier way to accomplish this?
Greetings!
While there does not appear to be a way to do this currently using the Graylog UI, it does appear we have some API endpoints that could help with this:
Beyond that we are working on better integration of OpenSearch with graylog to allow for graylog to manage settings and configurations of OpenSearch. I don’t have a timeline though, but it will be a “datanode” role of graylog.
I’m not concerned with the contents of the indexes, as I’m creating from scratch as I test. The problem I have is that the indexes attached to my streams don’t get included in the content pack. Therefore when I upload the content pack all streams end up pointed to the default index.
Are there plans to add index names and creation to content packs in order for graylog to automatically set them up?
Oh, as a side note, is there a way for content packs to automatically handle duplication? Every time I create a new version I need to make sure I don’t accidentally include something that the previous version of the content pack created.
Regarding plans to integrate indexes into content packs, i have not seen or heard of anything on the roadmap but thats not to say it can’t or won’t happen, just nothing planned at the moment.
Regarding duplicates, I don’t believe there is any handling for that as well. You’re welcome to open an issue as a feature request though and the community at large can comment on it. Like the above, we cannot guarantee it will be added but it helps to have visibility into solving issues or pain points for our users.
I’ll go ahead and create a feature request. Unfortunately content packs don’t handle updates or duplicates well at all.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
