Hi Jochen, That worked great, i archived the data using the copy and no downtime, Thanks Much for your help.
I tried to copy back the data and changed the ownership to elasticsearch, but the indice was not shown in elasticsearch yet. I tried to refresh the whole indice, but no luck. I closed one of the open indice, which was closed successfully and the backed up indice that i copied was also shown. I then recalculated the index in graylog to show the index. Is there any other function/operation that can help me to show the indice in elasticsearch after it is copied back. Am i missing something. Regards, Hema. On Wednesday, April 8, 2015 at 2:37:53 PM UTC+5:30, Jochen Schalanda wrote: > > Hi Hema, > > if you're modifying the Elasticsearch indices Graylog externally, you'll > have to recalculate the index ranges (System -> Indices -> Maintenance -> > Recalculate index ranges). > > Cheers, > Jochen > > On Tuesday, 7 April 2015 13:51:28 UTC+2, Hema Kumar wrote: >> >> Hi Jochen, >> If i build a shell script using the API and move the closed indice >> files to different location, would a elasticsearch restart is required in >> order to refresh itself and the graylog? >> >> Based on your suggestion, my plan is to grep for closed indices using API >> and zip/move all the indices to a different location. >> Would this help or should i just copy the file to a different location >> and delete the source with the help of curator. >> >> Any ideas to include log rotation policy roles into elastic search in the >> future release. >> >> Thanks, >> Hema >> >> >> On Friday, April 3, 2015 at 3:23:35 PM UTC+5:30, Jochen Schalanda wrote: >>> >>> Hi Hema, >>> >>> multi-tiered data retention is currently not supported by Graylog. You >>> could probably build something yourself quite quickly using the >>> Elasticsearch API directly (e. g. check which indices are already closed >>> and then create a snapshot of them). Maybe you could even use Curator ( >>> http://www.elastic.co/guide/en/elasticsearch/client/curator/current/about.html) >>> >>> for that. >>> >>> Cheers, >>> Jochen >>> >>> On Friday, 3 April 2015 01:35:00 UTC+2, Hema Kumar wrote: >>>> >>>> Hi, >>>> Is there a way to do a log Rotation >>>> >>>> - My policy is to hold 60 days of indices which was done in the >>>> configs, the logs more than 60 days are closed. >>>> - The second thing is after 60 days the closed indices should be moved >>>> to different drive and should hold it for 120 days but should still be >>>> available in graylog for easier access to open and search for it. >>>> - The third is after 120 days the logs can be archived using a zip >>>> utility and stored in different drive or deleted. >>>> >>>> * Numbers are just reference. What i am trying to ask is, would graylog >>>> be setting such log rotation policy instead of external tools. >>>> >>>> Really like the tool that is being developed. Thanks Much. >>>> >>>> Regards, >>>> Hema. >>>> >>> -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
