Hi,
Following up on Jim's reply, which I can back 100%, another good reason
not to have a large retention in Elasticsearch is that it's not doing very
well with a large number of indices.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq