Hi Jochen, That probably requires setup of additional Graylog server plus installing logstach as log shipper? It seems to be a bit messy.
Another question: I can see two types of indexes in /var/lib/elasticsearch/graylog/nodes (1) graylog_x (2) logstash-yyyy.MM.dd What is the relationship between between these two types of indexes, and if the configuration is set up to delete old indexes, which indexes will be deleted? Thanks, Wayne On Thursday, October 20, 2016 at 11:50:08 AM UTC-4, Jochen Schalanda wrote: > > Hi Wayne, > > On Thursday, 20 October 2016 16:49:23 UTC+2, Wayne wrote: >> >> I am interested to know if there is a way to re-index all the data once a >> mapping is updated? >> > > Graylog doesn't support this out-of-the-box. > > If the solution is not available now, is it in the next release? >> > > No. > > On the other hand, is there anyway to do it manually? I understand that >> the ELK stack could do a re-index, but I am not sure if there is a way to >> do it similarly? >> > > You can re-index messages using logstash (input from Elasticsearch, output > to Graylog). > > > Cheers, > Jochen > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/27868742-e4f6-47d6-aaa5-72e2b1c0ea79%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
