Hej Jamie, On to my question. I have a graylog server that is only doing graylog and mongodb that I spun up from the ova. I have setup two seperate ova instances to be elasticsearch nodes only. My question is, when the logs come in to the graylog server (Just from windows at the moment) are they stored on the graylog server, or do I need to add space to the elasticsearch nodes? I am getting confused about elasticsearch in this equation and the indices page. Even after reading info in Elasticsearch's home website it's still fuzzy after I read it. Just want to ensure that I have the correct amount of hard drive space for each node in the cluster. FYI: I have expanded the graylog server's HD to 100gigs since I figured that's where the logs are being kept. Just wanting to make sure that I am right in this assumption.
In the Setup, you describe the Messages will be stored on the Elasticsearch nodes. Think of them like Database Server where the Content is stored and the Graylog Server is the Application that requests the Information from the Database. Additional Graylog does the processing of the Messages before they are inserted into the Database. That means you need some storage on your Graylog System for the Journal ( which is a queue that is used if you have any issues with your Elasticsearch setup ) but most of the space is needed for the Data directory of your Elasticsearch Nodes. kind regards Jan -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/etPan.57b5826f.adf33c6.5c18%40jalogisch.de. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: Message signed with OpenPGP using AMPGpg
