What is log rotation in Graylog?

QueenOfCode · June 16, 2022, 8:26pm

Hello,

I have a question about log rotation in Graylog. What does “rotate the currently active write index” mean in simple/newbie terms? I know that log retention has to do with deleting logs eventually, but why would I need to specify the maximum number of indices for the Index Retention Configuration part?

Thanks!

Update: Let me know if my understanding now is correct (or correct any flaws): I set a specific rotation period / max byte size, and once the index reaches that, a new index is created (?). Then, once the number of these indices hit the max number specified in “Index Retention Configuration,” then whatever action I choose is performed on them (they’re deleted, archived, etc.). Is this correct?

tmacgbay · June 16, 2022, 10:17pm

Thats how I would have explained it.

gsmith · June 16, 2022, 10:18pm

I agree with @tmacgbay

patrickmann · June 17, 2022, 7:04am

Once the max number of indexes is exceeded, GL performs the configured action to bring it back down to max. So usually only 1 index gets deleted / archived / etc. at a time.

QueenOfCode · June 17, 2022, 11:40am

Thanks everyone! I’ll label this as the solution for future reference.

system · July 1, 2022, 11:41am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Changin Index rotation type Graylog Central (peer support)	4	1572	December 13, 2017
Indices, rotation, disk space Graylog Central (peer support)	10	8519	March 21, 2019
Graylog Index retention changes not reflected on indices Graylog Central (peer support) elastic , capacity_planning	4	730	June 19, 2023
Rotation not working (Index Set bigger than configured) Graylog Central (peer support)	1	605	September 4, 2020
Index retention Graylog Central (peer support)	4	664	December 7, 2017

What is log rotation in Graylog?

Related topics