Data Lake Preview and Data Retrieval

Product Demo: Data Routing & Selective Log Retrieval in Graylog 6.2

See how Graylog’s Data Lake integration gives you cost-effective visibility without overloading your license.

In this walkthrough, the Graylog team demonstrates how to route DNS logs using dynamic index set rules—sending high-value logs to be indexed in Graylog while offloading less-critical data to Graylog’s Data Lake. This fine-tuned log management strategy helps reduce licensing costs without sacrificing visibility. With Graylog 6.2, users can now query the Data Lake directly, preview stored logs, and selectively retrieve messages for full indexing—supporting rapid investigations when every second counts.

What You’ll Learn in This Video:

• How to use index set rules to route log data based on filtering logic (e.g., DNS domain names)

• The difference between indexed logs and Data Lake storage in terms of licensing and investigation use cases

• How to query the Data Lake, preview logs, and retrieve specific messages for deeper analysis

• Why Graylog 6.2’s selective log retrieval helps balance cost control with full observability

• How to keep unindexed “noise” accessible for future investigations without overwhelming storage limits

Whether you’re fine-tuning your SOC workflows or simply looking to optimize how your organization handles growing volumes of log data, this feature walkthrough provides a clear look at how Graylog empowers smarter, more scalable log management.