Graylog has a configuration setting that tells it how long to keep log data. By default, it simply deletes data containing log messages older than the configured retention period. With archiving enabled, Graylog instead automatically writes all messages of an index to flat files on disk before deleting the index.
Simply configure the details in the Graylog console: where to send the index files, how long before re-indexing, how long to keep the files before overwriting, how large the files are allowed to get, what compression type you want to use, and a few other options. You can even archive some streams and automatically delete old data in others, which minimizes the amount of storage you need while still addressing your different use cases.
If you need to take another look at archived data, you can temporarily re-import any archives for analysis in Graylog using the web interface. After you finish, you can once again delete the imported archive data.