Good evening I have an elastic installation, which receives information from logs of different systems, apache iis jbs etc. I find myself in the situation that in my company they want to obtain annual reports on daily hits.
The query that I want to ask you is if you know how to keep a daily accumulated index in another index.
Is the need understood? Thank you so much. regards
Do you mean an index which contains a list of created indices?
No. I give you an example. a day of logs in an index is a lot of information to save for a year, I do not have that disk capacity. What I think is that there is really daily information that when I get an annual report does not interest me. therefore my idea is to make an aggregate of information, sum and save it in a new index.
You can look up percolator query to see if that satisfies your needs.
Otherwise you can write a bunch of scripts which continuously poll the data as it gets indexed, and then applies whatever transformation needs to be applied in order to generate report worthy data and indexes it separately!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.