Best way to convert existing logstash indexes from 5 to 1 shards

Stuart_Allen · September 6, 2017, 3:39pm

I setup my logstash with defaults not knowing about the 5 shards per index default. I now have lots of days of logstash daily data and have over 1000 shards, so I'm running into the search issue with that threshold.
What is the best approach to modify the template to 1 shard per index and reindex all of my data?

So far on dev I modified the template for logstash-* for 1 shard and wrote a bash script to _reindex each logstash-DAY index into logstash-DAY-bu

This seems ok, but was wondering if there was a proper way to do this?

Thanks for your time.

jpountz · September 6, 2017, 4:13pm

You can use the _shrink API. https://www.elastic.co/guide/en/elasticsearch/reference/5.6/indices-shrink-index.html

theuntergeek · September 6, 2017, 4:26pm

Curator 5.2 now has a shrink action to help with this.

Stuart_Allen · September 6, 2017, 6:17pm

Thanks guys, I'll check this out.

system · October 4, 2017, 6:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Reduce the amount of shards of index (Elasticsearch) Logstash	9	1077	June 20, 2019
Edit default logstash index template Logstash	1	381	July 9, 2020
Decrease the number of shards Elasticsearch	12	31652	June 18, 2017
How to scale daily indexing Logstash	3	2320	July 6, 2017
Reduce default shards for dynamic index Elasticsearch	3	521	September 20, 2017

Best way to convert existing logstash indexes from 5 to 1 shards

Related topics