HI,
We use ELK for analyze Nginx log(200G/d),now, we feed the log to elasticsearch after filter it by Logstash(so slow..),then construct visualizations of search results and create some dashbord with them.
but the original Nginx logs which put to elasticsearch more bigger day after day,so, I want to know that
can elasticsearch only store the search results of visualizations?
You mean index that data into ES, then run your visualisation, then save just that aggregated data into ES and remove the original data?
If so, no.
yes, I men this....
why not, I only need the results...
Because it cannot just generate the results from nothing for starters.
You may be able to do this, but it's not anything ES provides natively.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.