Hello! We've been happily using Graylog for a few years now. When we originally set it up (early 0.x revisions), there was no access controls or standard(ish) log retention configuration. As a result, we set up different Graylog instances any time a group of systems couldn't all have the same settings for one or the other.
We recently moved our data center and upgraded to the latest version of Graylog during that process. The new stream-based access controls seem to be perfect for per-user access to logs, and we can setup our own tools to selectively apply retention rules. In light of these new features, does it make sense to have different Graylog installations anymore? I'm inclined to move us to a single, highly available, Graylog cluster per region. I can only think of one argument against this, the extremely unlikely event that a single application somehow generates enough logs to take down the cluster, and I'm willing to live with that. Thanks in advance! Terence -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
