Hi Jochen,

To clarify the question:

(1) About the logstash-yyyy.MM.dd indexes

I only installed Graylog2 server, Elasticsearch, Mongodb based on the latest Graylog2 document. The daily logstash-yyyy.MM.dd was generated, but I did not install Logstash. Is this normal?

(2) About the re-indexing option

As far as the option of re-indexing you mentioned, are you saying I can use the ElasticSearch instance as input, and use a log shipper such as graylog collector sidecar to push the index to graylog server? My concern is that would duplicate the data. In addition, can graylog collector sidecar be the log shipper in this scenario, or do I need to install logstash to do the job?

Thanks
Wayne

On Thursday, October 20, 2016 at 1:54:53 PM UTC-4, Jochen Schalanda wrote:
>
> Hi Wayne,
>
> On Thursday, 20 October 2016 18:13:21 UTC+2, Wayne wrote:
>>
>> That probably requires setup of additional Graylog server plus installing
>> logstash as log shipper?
>>
>
> No, you can read from the same Elasticsearch cluster and write into the
> same Graylog instance.
>
>
>> I can see two types of indexes in /var/lib/elasticsearch/graylog/nodes
>>
>> (1) graylog_x
>>
>> (2) logstash-yyyy.MM.dd
>>
>> What is the relationship between these two types of indexes, and
>> if the configuration is set up to delete old indexes, which indexes will be
>> deleted?
>>
>
> The first one, graylog_*, is managed by Graylog, the latter is being
> created and written into by logstash (depending on the configuration).
>
> Graylog doesn't have to do anything with the latter one and can't read
> from it.
>
>
> Cheers,
> Jochen
>
