Hi Andrei, the "_ttl" metadata attribute of Elasticsearch messages (http://www.elastic.co/guide/en/elasticsearch/reference/1.x/mapping-ttl-field.html) can't be changed or defined within a GELF message. Graylog currently does not support log messages with a limited life-time.
Cheers, Jochen On Tuesday, 14 April 2015 18:04:56 UTC+2, Andrei S wrote: > > What i'm trying to accomplish is to send GELF log messages from within a > Java application with a specific TTL for each level type. For example a > ERROR, INFO, WARN level I would like to have a TTL of 3 Months, while a > DEBUG level I would like to have a TTL of 1 Month. > The question is, can you specify the TTL information with the GELF format > ? As TTL is not a standard GELF field and would go to additional fields, > and if you put it as an additional field, when Graylog send the data to > Elasticsearch it is not interpreted as TTL information, just as an > additional field with a string. > I have also tried to do the TTL from the Graylog side with DROOLS > processing but was not able to properly introduce the TTL field with DROOLS > so can't say yet if that is a feasible alternative. > Did anyone attempt to do this and have any feedback ? > I am running on Graylog 0.20 but right now i'm upgrading the to Graylog > 1.x and tying to see what's new there :) > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
