I have a very practical question. I have a system that uses Elasticsearch to index some documents. I use Graylog for logging, and I was wondering whether it is possible/advisable/OK to use one single Elasticsearch for both cases, or whether it is better to keep two Elasticsearch instances running (one for my docs and one for Graylog).
I saw this topic and I think now is the time to ask a very similar question: what about using Kibana for visualizations of an existing, healthy and perfectly working Graylog installation? Is that cool? Kibana does write to the Elasticsearch indices, so this wouldn’t be a “read-only” kind of setup, hence my concern about any potential negative consequences to Graylog as a result of Kibana writing to the cluster.
Yes, Kibana writes to the same cluster, but it’s just metadata about Kibana itself. @jochen probably meant not to store a shitload of production data on the same cluster. I use Kibana daily with success.
Thanks @maniel, so was it as easy as pointing Kibana at the cluster and then the “explore your data” approach worked fine for you? What pattern did you create on start-up, and against what index name? graylog-* I would expect? If you feel extra gracious, a screenshot of some cool Kibana dashboard pulling data from Graylog would be most appreciated!
Nope, Graylog’s index naming pattern is graylog_*; after that it should be straightforward. I’d gladly show my dashboard, but I won’t be at work till the day after tomorrow (CET).
I’d be happy to help with some simple setup, as my use case is just a simple one-host Docker-based Graylog + Kibana deployment :)
It’s a simple dashboard for traffic analysis. Traffic stats are sent by our SonicWall UTM; it sends source and destination data as well as the number of bytes sent and received in their respective fields. I sum them in a scripted field and display them in pie charts. You can also format fields as different units, in this case bytes. On the right you can see how much data was sent/received by our UTMs; on the left, the bar charts show transfer over a given time for each location.
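The thread's concern (Kibana writing to a cluster that Graylog owns) is best answered by scoping the Kibana login user so it can only write to Kibana's own `.kibana*` indices and only read `graylog_*`. The block below is an added example, not code from the thread, Graylog or Kibana: it builds such a role in the JSON shape the Elasticsearch security roles API accepts, and implements a small, simplified model of index-privilege evaluation (assumption: the real engine has a finer privilege hierarchy) so you can audit a role before you apply it. The index names, the role name `kibana_analyst` and the application index `myapp_docs` are constructed for the example. It does not cover the `kibana_system` service user that the Kibana process itself authenticates with, nor the separate user with full rights on `graylog_*` that Graylog needs.

```python
import fnmatch
import json

# Least-privilege role for a human who logs in to Kibana to explore Graylog data.
# Constructed for this example; the JSON shape matches the Elasticsearch
# security roles API body, the patterns/privileges are our own choices.
KIBANA_ANALYST_ROLE = {
    "cluster": ["monitor"],
    "indices": [
        # Graylog's indices (graylog_0, graylog_1, ...): read only.
        {"names": ["graylog_*"], "privileges": ["read", "view_index_metadata"]},
        # Kibana's saved-object indices: the only place this role may write.
        {"names": [".kibana*"], "privileges": ["all"]},
    ],
}

# A deliberately over-broad role, as you would get by pasting a superuser-like
# definition; used here only to show what the audit catches.
OVERBROAD_ROLE = {
    "cluster": ["all"],
    "indices": [{"names": ["*"], "privileges": ["all"]}],
}

# Simplified model of which index privileges let a principal change data.
# Assumption: Elasticsearch's real privilege hierarchy is richer than this.
WRITE_LIKE = {"all", "write", "index", "create", "create_doc", "delete",
              "delete_index", "create_index", "manage"}
READ_LIKE = {"all", "read", "view_index_metadata"}

# Constructed sample of index names in a shared cluster: Graylog's indices,
# Kibana's own indices, and an application index from the first question.
SAMPLE_INDICES = ["graylog_0", "graylog_1", "graylog_2",
                  ".kibana_1", ".kibana_task_manager_1", "myapp_docs"]


def privileges_for(role, index):
    """Union of privileges every matching index pattern of the role grants."""
    granted = set()
    for entry in role["indices"]:
        if any(fnmatch.fnmatchcase(index, pat) for pat in entry["names"]):
            granted.update(entry["privileges"])
    return granted


def can_read(role, index):
    return bool(privileges_for(role, index) & READ_LIKE)


def can_write(role, index):
    return bool(privileges_for(role, index) & WRITE_LIKE)


def writable_indices(role, indices=SAMPLE_INDICES):
    """Sorted list of the indices this role could modify."""
    return sorted(i for i in indices if can_write(role, i))


def audit_kibana_role(role, indices=SAMPLE_INDICES):
    """Return the indices a Kibana user role can write that are NOT Kibana's
    own .kibana* indices. An empty list means the role is scoped as intended."""
    return [i for i in writable_indices(role, indices)
            if not fnmatch.fnmatchcase(i, ".kibana*")]


def role_request_body(role=KIBANA_ANALYST_ROLE):
    """JSON body for `PUT /_security/role/kibana_analyst` (Elasticsearch 7+;
    6.x used the /_xpack/security/role prefix)."""
    return json.dumps(role, indent=2)


if __name__ == "__main__":
    print(role_request_body())
    print("scoped role writes to:", writable_indices(KIBANA_ANALYST_ROLE))
    print("scoped role violations:", audit_kibana_role(KIBANA_ANALYST_ROLE))
    print("over-broad role violations:", audit_kibana_role(OVERBROAD_ROLE))
```

Run the audit against any role you intend to hand to Kibana users; if it reports anything outside `.kibana*`, that role can alter Graylog's data and should be tightened before you point Kibana at the cluster. Note that the pattern is `graylog_*` with an underscore, as corrected above; a role written against `graylog-*` would match nothing and the user would see no data at all.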