Score:0

Multiple logging managers for different services, or one with multiple databases (Graylog)

I am creating a logging infrastructure for a company with 2 unrelated services. Is it better to have:

  • a single Graylog instance that routes the logs from the two services to different Elasticsearch databases
  • or rather have two separate Graylog instances running in 2 Docker containers with their own Elasticsearch clusters

I only have 1 server available for the logging stuff, and there is not a huge volume of logs from either source.

I am not super experienced with server admin so I'm looking for advice for which might cause more headaches - having to deal with more complicated routing, certificates and port stuff or have all log files running through the same place and having to strictly separate them.

Score:2

I'd recommend setting up one OpenSearch cluster (because OpenSearch is recommended by Graylog) and one Graylog instance. Then, you can route the logs to different streams and grant permissions accordingly.

By doing so, you'll only have to configure/update one Graylog and one OpenSearch cluster.
