I would like to make a backup of my graylog config. I thought that would be simple, but … no
I noticed there is a content pack options, so I thought that is the way to backup all my settings.
So I opened the config pack menu selected all the items, filled in the fields and clicked next
There are questions about parameters. I really really have no idea !!! I just want to backup every thing.
So I clicked next and create and download …
The result is an empty !! content pack
Not only that … but there also all kind of remarks in the documentation, that not every thing will be in the content pack. Among that pipeline rules etc !!!
So, I am lost ! I hope someone can explain how I can create (and restore) a backup containing every thing !!
Recent video’s can help perhaps.
The graylog documentation is not very help full in my regard
(it tells what I can see in the menu, that is almost all)
Thanks, I did read that on the graylog site, but it does not feel ‘solid’. I make those backups now any way.
It is not clear to me what the role of open search is next to MongoDB. One DB should do !???
The graylog instance I am building is running in a Truenas core VM. I am curious what will happen, if I make a copy of a early VM-snapsshot and replace the mongo db with the backup. Perhaps a far future tryout
MongoDB stores all the configuration of Graylog (settings, users, etc) opensearch stores all the messages themselves. Opensearch also allows you to take a snapshot as a backup, however opensearch can grow very large with all those messages, MongoDB is relatively small and easy to backup.
I am especially worried for the pipelines I build and the underlying grok etc rules.
In opposite to the input related rules, the pipeline rules can not be accessed from the higher level menu. And also strange that it is not one set of rules.
But related to back-ups:
the input related rules can be captured and saved as text (what I really appreciate !!! ) where there is as far as I know, no way to capture ans save the pipeline related rules
and I am also worried reading that in documentation that you have to save (pipeline) rules etc separately and that it not yet included in the actual backup
procedure
I would really love to see a backup and recovery procedure integrated in the graylog menu
Pipeline rules are also stored in Mongo. As @Joel_Duffield said, everything but the messages is in Mongo. So just focus on backup that up and you’re covered.