[graylog2] Re: Several indices from 1 and 2 hours ago
Hi Roberto, this issue has been fixed in Graylog 1.3.4: https://github.com/Graylog2/graylog2-server/pull/1693 Cheers, Jochen On Monday, 25 July 2016 17:00:18 UTC+2, roberto...@gmail.com wrote: > > Dear Jochen, I'm using this Graylog version on a Debian 8 server: > > graylog-server 1.3.3-1 all >Graylog server > graylog-web 1.3.3-1 all >Graylog web > > My indices configuration in /etc/graylog/server/server.conf is: > > rotation_strategy = time > elasticsearch_max_time_per_index = 3d > elasticsearch_max_number_of_indices = 10 > retention_strategy = delete > > Please can you tell I'm OK ??? Do you say every time I reboot my server or > restart the graylog-server service I could have problems with the indices??? > > Thanks a lot!! > > > El lunes, 25 de julio de 2016, 11:32:31 (UTC-3), Jochen Schalanda escribió: >> >> Hi Roberto, >> >> which exact version of Graylog are you using? >> >> There were some versions of Graylog which would rotate the indices on >> startup if the time-based rotation strategy was being used, even if the >> shouldn't be rotated according to their age. >> >> Would it be feasible for you to upgrade to Graylog 2.x? >> >> Cheers, >> Jochen >> >> On Monday, 25 July 2016 16:22:31 UTC+2, Roberto Carna wrote: >>> >>> Dear, I've cloned a Graylog 1.3 virtual machine with its corresponding >>> indices, to a new one. This new one Graylog virtual machine started >>> with the same indices, and after that I've deleted some of them. >>> >>> But today I was analyzing the Graylog options, and I realized that the >>> indices don't respond in accordance to my current configuration: >>> "rotates the indices every 3 days and keeps a maximum number of 10 >>> indices", as follow: >>> >>> Graylog2_90: Contains messages up to a few seconds ago (1.8GiB / >>> 4,198,541 messages) >>> >>> Graylog2_89: Contains messages from an hour ago up to in 3 hours >>> (2.3GiB / 6,943,219 messages) >>> >>> Graylog2_88: Contains messages from an hour ago up to in 2 hours >>> (307.7MiB / 887,500 messages) >>> >>> Graylog2_87: Contains messages from an hour ago up to in 2 hours >>> (823.1MiB / 2,434,500 messages) >>> >>> ... >>> >>> Graylog2_81: Contains messages from 5 days ago up to 4 days ago >>> (27.8GiB / 84,685,427 messages) >>> >>> What can I do in order to have my indices matching the current >>> configuration I defined? >>> >>> Thanks a lot, regards. >>> >>> Roberto >>> >> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/4919af4d-8834-4f6e-b6f7-dddee4f2f9ab%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: Several indices from 1 and 2 hours ago
Dear Jochen, I'm using this Graylog version on a Debian 8 server: graylog-server 1.3.3-1 all Graylog server graylog-web 1.3.3-1 all Graylog web My indices configuration in /etc/graylog/server/server.conf is: rotation_strategy = time elasticsearch_max_time_per_index = 3d elasticsearch_max_number_of_indices = 10 retention_strategy = delete Please can you tell I'm OK ??? Do you say every time I reboot my server or restart the graylog-server service I could have problems with the indices??? Thanks a lot!! El lunes, 25 de julio de 2016, 11:32:31 (UTC-3), Jochen Schalanda escribió: > > Hi Roberto, > > which exact version of Graylog are you using? > > There were some versions of Graylog which would rotate the indices on > startup if the time-based rotation strategy was being used, even if the > shouldn't be rotated according to their age. > > Would it be feasible for you to upgrade to Graylog 2.x? > > Cheers, > Jochen > > On Monday, 25 July 2016 16:22:31 UTC+2, Roberto Carna wrote: >> >> Dear, I've cloned a Graylog 1.3 virtual machine with its corresponding >> indices, to a new one. This new one Graylog virtual machine started >> with the same indices, and after that I've deleted some of them. >> >> But today I was analyzing the Graylog options, and I realized that the >> indices don't respond in accordance to my current configuration: >> "rotates the indices every 3 days and keeps a maximum number of 10 >> indices", as follow: >> >> Graylog2_90: Contains messages up to a few seconds ago (1.8GiB / >> 4,198,541 messages) >> >> Graylog2_89: Contains messages from an hour ago up to in 3 hours >> (2.3GiB / 6,943,219 messages) >> >> Graylog2_88: Contains messages from an hour ago up to in 2 hours >> (307.7MiB / 887,500 messages) >> >> Graylog2_87: Contains messages from an hour ago up to in 2 hours >> (823.1MiB / 2,434,500 messages) >> >> ... >> >> Graylog2_81: Contains messages from 5 days ago up to 4 days ago >> (27.8GiB / 84,685,427 messages) >> >> What can I do in order to have my indices matching the current >> configuration I defined? >> >> Thanks a lot, regards. >> >> Roberto >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/eb43727c-8bfa-42ea-b6d6-94e682c49b3b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: Several indices from 1 and 2 hours ago
Hi Roberto, which exact version of Graylog are you using? There were some versions of Graylog which would rotate the indices on startup if the time-based rotation strategy was being used, even if the shouldn't be rotated according to their age. Would it be feasible for you to upgrade to Graylog 2.x? Cheers, Jochen On Monday, 25 July 2016 16:22:31 UTC+2, Roberto Carna wrote: > > Dear, I've cloned a Graylog 1.3 virtual machine with its corresponding > indices, to a new one. This new one Graylog virtual machine started > with the same indices, and after that I've deleted some of them. > > But today I was analyzing the Graylog options, and I realized that the > indices don't respond in accordance to my current configuration: > "rotates the indices every 3 days and keeps a maximum number of 10 > indices", as follow: > > Graylog2_90: Contains messages up to a few seconds ago (1.8GiB / > 4,198,541 messages) > > Graylog2_89: Contains messages from an hour ago up to in 3 hours > (2.3GiB / 6,943,219 messages) > > Graylog2_88: Contains messages from an hour ago up to in 2 hours > (307.7MiB / 887,500 messages) > > Graylog2_87: Contains messages from an hour ago up to in 2 hours > (823.1MiB / 2,434,500 messages) > > ... > > Graylog2_81: Contains messages from 5 days ago up to 4 days ago > (27.8GiB / 84,685,427 messages) > > What can I do in order to have my indices matching the current > configuration I defined? > > Thanks a lot, regards. > > Roberto > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/cb675936-8e21-49bf-9c0a-a6b2704947c6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
