Best practice index naming

Igor_Samusenko · December 27, 2015, 1:55pm

Hi everyone,
I started learning about Elasticsearch last week and I found it great.
I noticed that by default Logstash ( yes we want to use elastic for storing logs, but I guess we will go further than storing logs) names indexes as myindex_yyyy.mm.dd.
What is the purpose of this approach, what is the benefit ?
I found that we can easily search by indexes like myindex__* or myindex_2015.*.
So, my main question is: why is that set by default, do I have to do the same? What will be different if I name index just myindex without date ?

Best, Ihor.

Christian_Dahlqvist · December 27, 2015, 3:03pm

The main reason for using time based indices is that it is an easy and efficient way to manage retention of data, as described here. Another side effect of this is that queries can be made to just hit the shards that hold data for a specific time period, which can improve performance.

Topic		Replies	Views
Index name conventions Elasticsearch	2	313	June 27, 2018
Recommendation for date in index name Logstash	1	371	October 8, 2018
Date in the name of an index Logstash	3	306	August 11, 2019
Elasticsearch output - index name pattern Logstash	10	21162	July 6, 2017
Index names including yyyy-mm-dd Elasticsearch	14	3256	February 13, 2019

Best practice index naming

Related topics