Best practice index naming

Igor_Samusenko · December 27, 2015, 1:55pm

Hi everyone,
I started learning about Elasticsearch last week and I found it great.
I noticed that by default Logstash ( yes we want to use elastic for storing logs, but I guess we will go further than storing logs) names indexes as myindex_yyyy.mm.dd.
What is the purpose of this approach, what is the benefit ?
I found that we can easily search by indexes like myindex__* or myindex_2015.*.
So, my main question is: why is that set by default, do I have to do the same? What will be different if I name index just myindex without date ?

Best, Ihor.

Christian_Dahlqvist · December 27, 2015, 3:03pm

The main reason for using time based indices is that it is an easy and efficient way to manage retention of data, as described here. Another side effect of this is that queries can be made to just hit the shards that hold data for a specific time period, which can improve performance.

Topic		Replies	Views
Elasticsearch output - index name pattern Logstash	10	21149	July 6, 2017
Index names including yyyy-mm-dd Elasticsearch	14	3250	February 13, 2019
How do I create an index name based on a time field that is not the timestamp? Logstash	3	1628	January 15, 2018
How to create rolling index with date as the index name? Elasticsearch	6	1902	June 2, 2021
Creating indexes on a weekly basis without using Logastash - possible? Elasticsearch	2	467	November 28, 2017

Best practice index naming

Related Topics