Archival strategy of indices

gthang · June 22, 2018, 9:14pm

Hello,

We have about 40 different indices being produced everyday. We currently have an alias setup for to point to the current business day index, and every night when the day rolls over, we create a new index and recreate the alias.

Ideally we would like to make the previous day's index read-only and move it to SAN. We would still be able to access it to run queries etc. I don't think the snapshot feature will allow us to query the index without restoring it.

Any thoughts/suggestions and best practises for what I am trying to achieve?

Thanks!
G-Thang

warkolm · June 22, 2018, 9:16pm

Elasticsearch Curator is usually what we recommend here.

gthang · June 22, 2018, 9:22pm

Thanks for that, but unfortunately I can't install the package in the production host(security drama). I will just have to use the existing REST calls :(.

theuntergeek · June 22, 2018, 11:02pm

Curator doesn't have to be installed in the cluster. It only needs client access, which supports all X-Pack Security/SSL options.

system · July 20, 2018, 11:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Remove old incidies and back it up Elasticsearch	2	423	August 7, 2018
WorkFlow for Snapshotting Indices as a Backup Option Elasticsearch	2	373	August 10, 2018
Index Backup & Archive to tape strategy Elasticsearch	4	1750	December 19, 2018
Snapshot Strategy for archival Elasticsearch	3	1044	September 7, 2017
Snapshot & restore Elasticsearch	7	1019	December 4, 2017

Archival strategy of indices

Related topics