Add date and timestamp to index

[karl2k]

Expected Behavior

Looking to see if it is possible to have graylog create indexes to include the current date and timestamp in the name of the index. This would allow for easy restores if the indexes are kept in their directory format. Splitting indexes by size, time, or count can result in multiple indexes created each day, which makes restoration of a particular day guesswork if the directory creation date has been modified from the original time.

Current Behavior

Instead of graylog_xx. Something such as graylog_01-03-17_timestamp_12-00, graylog_01-03-17_timestamp_13-00, etc if split per hour

Possible Solution

When the index is created, name it with the current date and time

Steps to Reproduce (for bugs)

N/A

Context

When using elasticsearch with logstash, we used the following config and variables to dynamically insert the date in the index
output {
elasticsearch {
host => localhost
index => 'dsg-logstash-%{+YYYY.MM.dd}'
protocol => http
}
}

Your Environment

• Graylog Version: 2.2.0
• Elasticsearch Version: 2.3.2

[florianpopp]

This is technically to expensive to change right now. We consider this to be a use case for the Graylog Archive. Please take a look: https://www.graylog.org/enterprise/feature/archiving

[wvcardoso]

Will we ever have this feature in the community version?