This sounds like you have lots of indexer failures, which lead to messages being stored in MongoDB.
Your best bet is REST and MongoDB queries, yes. Have a look at elasticsearch delete queries. For MongoDB look at the size of the system_messages and index_failures collections. For details please refer to their respective documentation pages. Needless to say, updating would be the best option, 1.0 has time based retention which makes your life easier. Best, Kay On Mar 9, 2015 3:19 PM, <[email protected]> wrote: > Hi, does anyone have any pointers or suggestions on this subject? > Thank you very much. > > > Il giorno giovedì 26 febbraio 2015 00:05:15 UTC+1, [email protected] > ha scritto: >> >> Hi, >> I'm using graylog2 0.20.1 (I'm not allowed to update it) and I'm >> wondering how can I manage maintenance of the elasticsearch and mongodb >> directories/db. >> >> In less than one month, elasticsearchdata is at 8 GB and mongodb journal >> is at 3.3 GB. >> I have space available, but this got me worried. >> >> I need to keep 6 months of logs and delete the rest, and that's a first >> part of the question: is there a way to do it in the version I'm using? Or >> should I directly use custom REST or DB queries? How? >> >> Then, are there issues with the DB size? Is there any recommended tuning >> I should care about? >> >> I looked at the documentation and searched the web but couldn't find >> suitable suggestions yet... >> >> Thanks. >> 01 >> > -- > You received this message because you are subscribed to the Google Groups > "graylog2" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
