Archiving
  • 25 May 2022
  • 1 Minute to read
  • Dark
    Light

Archiving

  • Dark
    Light

Graylog enables you to configure a retention period to automatically delete older messages. This helps control the costs of storage in Elasticsearch. But we know it’s not ideal to decide between keeping less messages in Graylog and paying more for hardware. Additionally, you may be required to store data for long periods of time due to compliance requirements like PCI or HIPAA.

The Archiving functionality allows you to archive log messages until you need to re-import them into Graylog for analysis. You can instruct Graylog to automatically archive log messages to compressed flat files on the local file system before retention cleaning kicks in and messages are deleted from Elasticsearch. Archiving also works through a REST call or the web interface if you don’t want to wait until retention cleaning happens. We chose flat files for this because they are vendor agnostic and you will always be able to access your data.

There are multiple ways to manage and maintain archived files. You can move them to inexpensive storage or write them on tape. Additionally, you can print them out if you need to physically access these files. If you need to search through archived data in the future, you can move any selection of archived messages back into the Graylog archive folder. The web interface will enable you to temporarily import the archive so you can analyze the messages in Graylog.

Note

Archiving is a commercial feature and part of Graylog Operations.


Was this article helpful?

What's Next