For my lab environment iām rethinking the configuration. This to the point i consider reinstalling graylog from scratch.
With over 40GB of logs in elasticsearch i wonder if i can simply reconnect Graylog and run some commands to rebuild any required data so i can resume where the reinstallation caused an interrupt
Br,
Joris
as long as you use the same mongoDB this will work - but when you want to rebuild that too your desired way will not work. As Graylog saves meta data with your ingested information - like what streams that data belong to. The streams are referenced with UUIDS so those will change and the data will be invisible.
You could use the archiving feature to export your data and import into the new system.
not sure i understand everything but thanks, it helps.
Fortunately iām not forced to change the mongoDB. It may be a good exercise in itself, regardless. It also brings attention to rethinking the setup so i can keep the mongoDB consistent even with a larger setup.
Dear @jan, does it mean that there is no way I can ingest into ES directly?
i think that is exactly what it means
to my understanding Graylog is designed as a front-end to mongodb/elasticsearch as back-end
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
