Where are Graylog logs stored in a VM?

Graylog Central (peer support)
1

Hello :slight_smile:

I’m running Graylog on a VM and am considering possibly allocating more resources to my VM.
To my understanding, Graylog logs are stored on disk space. Does that mean that Graylog logs are stored in the VM’s hard disk, storage, or memory?

Thanks!

2

Hello,

Elasticsearch stores those logs. In Elasticsearch YAML file you can see where

# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch  <--- HERE
#
# Path to log files:
#
path.logs: /var/log/elasticsearch

This can be changed, if its a new installment it really easy, but if you have old data there will be some adjusts needed. There are other posts in the forum you can reference.

1 Like
3

Thanks for the response.

Ok, I found the file. So those logs are in this directory, which is stored on the VM’s hard disk, correct?

4

Sort answer is yes.
More accurate answer, those logs are in a index.
Example:

[root@graylog indices]# pwd
/var/lib/elasticsearch/nodes/0/indices
[root@graylog indices]# ls -al
total 12K
drwxr-xr-x. 149 elasticsearch elasticsearch 8.0K Jun 22 19:03 .
drwxr-xr-x.   4 elasticsearch elasticsearch   49 Jun 23 16:47 ..
drwxr-xr-x.   5 elasticsearch elasticsearch   35 Jun 21 19:00 1m6HNvrxTBGd7ONk0HRZVg
drwxr-xr-x.   5 elasticsearch elasticsearch   35 Jun 16 19:00 1RJPRPJgTwC1dZgnDFskiQ
drwxr-xr-x.   5 elasticsearch elasticsearch   35 May 26 19:00 2ij_JXf2S4afuU_iFD5x_A
drwxr-xr-x.   5 elasticsearch elasticsearch   35 Jun 13 19:00 2S_QsO7hSk6j8DdKpIfMhA
drwxr-xr-x.   7 elasticsearch elasticsearch   51 May 26 18:48 3HQjrxznTkWHk5rwYwBwyQ
drwxr-xr-x.   7 elasticsearch elasticsearch   51 May 26 18:48 -3rt6k0HTf6PtBjy8V9cpQ
drwxr-xr-x.   5 elasticsearch elasticsearch   35 Jun 11 19:00 3UbuGefeS4iftOuhEEbftg
drwxr-xr-x.   7 elasticsearch elasticsearch   51 May 26 18:48 3WJgrcj_SPGhPkRDk9TCdw
drwxr-xr-x.   7 elasticsearch elasticsearch   51 May 26 18:48 4ATkEmWmSEGXua2PfLUe0w
1 Like
5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.