Since my Graylog disk space is almost saturated, I would like to set up a HOT/WARM architecture in order to better organize the indexes and send them to the archive or delete them.
However, I noticed when I went to Graylog that no more logs are displayed, yet I still have in/out messages.
I’ve also noticed some indexing error messages that I can’t understand, even after searching the Internet.
Can this be because my disk is almost saturated (93%), or is the problem something else?
This problem is related to your other open topic.
In order to prevent some problems related to disk utilization, Elasticsearch closes the index when it reaches the “High Watermark”, so you have to rotate your index and create another one. Once the rotation is done, you run Curator to migrate the rotated index to another node in the cluster with more space.
Hi @reimlima, thank you again for the answer.
So my two topics come together.
So I can close all the indices that are currently not write-active and archive them, which will solve my disk space problem and allow me to set up Curator?
About the rotation, let Graylog do the dirty work.
Go to /system/indices in your Graylog UI and configure a daily rotation like “P1D (1 day, a day)”.
After that, run Curator to migrate your data.
Thank you, I did that. I will now configure Curator.
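The migration step discussed in this thread, as an added example that is not part of the original posts: a Curator action file that relocates rotated Graylog indices to nodes with more space. It assumes the default `graylog_` index prefix, the `graylog_deflector` write alias, and a hypothetical node attribute `box_type: warm` set on the larger nodes.

```yaml
# Added example: Curator action file for the "rotate, then migrate" procedure.
# Assumptions (not from the thread):
#   - indices use Graylog's default prefix "graylog_"
#   - the active write index is the one behind the "graylog_deflector" alias
#   - warm nodes carry a node attribute such as node.attr.box_type: warm
#     (the attribute name and value here are hypothetical)
actions:
  1:
    action: allocation
    description: >-
      Require rotated graylog_ indices older than one day to live on nodes
      tagged box_type=warm, so the nearly full hot node is relieved.
    options:
      key: box_type
      value: warm
      allocation_type: require
      # Do not block the run while shards relocate; check progress separately.
      wait_for_completion: False
      continue_if_exception: False
      disable_action: False
    filters:
      # Only Graylog-managed indices.
      - filtertype: pattern
        kind: prefix
        value: graylog_
      # Never touch the index Graylog is currently writing to.
      - filtertype: alias
        aliases: graylog_deflector
        exclude: True
      # With a daily (P1D) rotation, anything older than one day is rotated.
      - filtertype: age
        source: creation_date
        direction: older
        unit: days
        unit_count: 1
```

Running Curator with `--dry-run` first logs which indices the filters select without changing any allocation settings.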