I just wondered if I understood the retention policy and if this scenario is good practice.
let’s say I have telegraf on N servers as an agent to collect logs (IIS ,eventViewr …)
I will create 3 retention policy’s
- Default for long term query.
- 7d for week long query.
- 1d for real time.
By doing that I will replicate the data and iterate on lees data per query?