I'm new to Elastic.
I would like to know for how long the logs are "active" in Logstash. Can I archive them? If yes, how?

Thank you

Hi @juuuhuuu,

Glad you're giving the Elastic Stack a try. I can't quite follow your question, though. Logstash is a piece of our stack that can perform the transformation of data before it is ingested into Elasticsearch. Could you elaborate on what you mean by "active"?

Hello @weltenwort,

Thank you for your answer. I would like to use the ELK Stack to send just error logs through Logstash -> Elasticsearch -> Kibana. Is it possible to archive the error logs? If yes, how?

I see, so you're asking about how to manage the retention of the log messages?

With the log messages being stored in Elasticsearch, this is the place where any retention policy would be configured. Elasticsearch supports quite elaborate automatic index life cycle management. What the specific recommended index layout and life cycle policy is depends on your definition of "active" and "archived". Should archived log entries be deleted? Should they be searchable but located on nodes with cheaper storage? It really depends on your scenario and requirements.

There's a blog post about index lifecycle management (ILM) on our blog that walks through an example scenario. I highly recommend giving that a read.
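
An added example, not part of the original reply: one possible ILM policy body (sent with `PUT _ilm/policy/<name>`) for the case where "archived" means still searchable on cheaper nodes and deleted later. The ages, sizes, and the `data: warm` node attribute are assumptions to adapt to your own retention requirements.

```json
{
  "policy": {
    "_meta": {
      "description": "Constructed example: error-log retention. All ages, sizes and the node attribute are assumed values."
    },
    "phases": {
      "hot": {
        "actions": {
          "rollover": { "max_age": "7d", "max_size": "50gb" }
        }
      },
      "warm": {
        "min_age": "30d",
        "actions": {
          "allocate": { "require": { "data": "warm" } },
          "forcemerge": { "max_num_segments": 1 },
          "readonly": {}
        }
      },
      "delete": {
        "min_age": "365d",
        "actions": { "delete": {} }
      }
    }
  }
}
```

The `allocate` action only moves indices if some nodes are started with a matching `node.attr.data: warm` setting; if the error logs are needed as evidence for investigations, set the `delete` phase's `min_age` to the retention period you are required to keep.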

Thank you very much. Great, I was searching for something like that.

