Hi Jochen, Just want to explore a bit further.
These messages are now in binary format, and it seems to be parsed already. Is there a way to convert them back to original text messages? or there is no way to convert it back to original text form? I am asking the question on behalf of one of my colleague who was thinking about retrieving information from the consolidated data (log messages from multiple source). Thanks, Wayne On Thursday, October 20, 2016 at 6:16:14 AM UTC-4, Jochen Schalanda wrote: > > Hi Wayne, > > On Wednesday, 19 October 2016 21:28:25 UTC+2, Wayne wrote: >> >> Let's say we send a query and search a couple of records, now we would >> like to retrieve the original text message. Does Graylog keep the original >> copy of the log message? >> > > No, it doesn't. > > > In addition, the disk based journal seems to keep some data, but not >> completely visible. Are those the copy of the messages? >> > > Basically yes. The disk journal contains the raw binary message received > by an input until a codec decodes the message and indexes it into > Elasticsearch. > > Cheers, > Jochen > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/e5e308d4-7fab-4952-9d19-859db6f4f1a7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
