Best way to convert existing logstash indexes from 5 to 1 shards

Stuart_Allen · September 6, 2017, 3:39pm

I setup my logstash with defaults not knowing about the 5 shards per index default. I now have lots of days of logstash daily data and have over 1000 shards, so I'm running into the search issue with that threshold.
What is the best approach to modify the template to 1 shard per index and reindex all of my data?

So far on dev I modified the template for logstash-* for 1 shard and wrote a bash script to _reindex each logstash-DAY index into logstash-DAY-bu

This seems ok, but was wondering if there was a proper way to do this?

Thanks for your time.

jpountz · September 6, 2017, 4:13pm

You can use the _shrink API. https://www.elastic.co/guide/en/elasticsearch/reference/5.6/indices-shrink-index.html

theuntergeek · September 6, 2017, 4:26pm

Curator 5.2 now has a shrink action to help with this.

Stuart_Allen · September 6, 2017, 6:17pm

Thanks guys, I'll check this out.

system · October 4, 2017, 6:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.