Thanks, Jochen! I ran into this yesterday and wondering if the following statement is still true about GL2 true from http://stackoverflow.com/questions/9759298/fluentdmongo-vs-logstash:
At present, Graylog2 uses Elasticsearch as well, but uses only a single > index for all data. If you're periodically cleaning up old data, this means > the equivalent of a lot of SQL "delete from table where date>YYYY.MM.DD" > type-calls to clean out old data, where Logstash defaults to daily indexes > (the equivalent of "drop table YYYY.MM.DD"), so clean-up is nicer. It also > results in cleaner searches, requiring less heap space, as you can search > over a known date because the index is named for the day's data it contains. My use case is to index lot of "time-series" data and create daily/weekly indexes so I can discard them easily when the agreed retention for that data expires. I would appreciate your thoughts on this. On Thursday, August 28, 2014 4:32:37 AM UTC-4, Jochen Schalanda wrote: > Hi! > > Am Donnerstag, 28. August 2014 03:19:02 UTC+2 schrieb Foobar Geez: >> >> Can you please clarify if the below scenario works as expected? >> >> Data Input -> logstash (for extraction into fields) -> Elasticsearch <- >> GL2-server <- GL2-web-interface >> >> In other words, can I send data from logstash to Elasticsearch but still >> leverage the authentication/authorization feature along with streams by >> setting up GL2-server and GL2-web-interface? >> > > No. You would need to forward the messages from logstash into > graylog2-server (e. g. with the GELF output > <http://logstash.net/docs/1.4.2/outputs/gelf>). Many Graylog2 features > (especially streams and filters) rely on the log messages being processed > and written into Elasticsearch by graylog2-server. Logstash currently > doesn't (and probably will never) support writing messages in the "Graylog2 > format" into Elasticsearch. > > > Cheers, > Jochen > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
