We route lots of messages into our graylog system, e.g. access logs, debug logs from test environment, infrastructure logs etc. At the moment all these messages go into a single index and share the same retention policies. We would like to route incoming messages based on the input or some sort of other criteria into different indices with different retention polices, e.g. we want to keep access logs around and searchable for about two weeks but debugging messages from test or staging environment are pretty useless after one or two days.