Changing the shard size

sagar_rao · March 16, 2021, 11:40am

Hi,
I have Aws elastic search cluster with two nodes. The data is being pushed from fluentd to elastic search. By default all the indexs have 5 primary shards and 1 replica. And i want to resize the no of primary shards to 2 for the new indexes. "I know i can use shrunk api for older indices"

Where can i do this. Indices are created by fluentd itself.

dadoonet · March 16, 2021, 1:21pm

I don't think you can reduce a 5 shards index to 2 shards. You would need to reindex instead in a new index.
But you can reduce to 1 shard I think. Here is a typical script to do that on an index INDEX in a cluster which has a node with name NODE1:

# Read only and move primaries to one single node and no replica
PUT /INDEX/_settings
{
  "settings": {
    "index.number_of_replicas": 0,
    "index.routing.allocation.require._name": "NODE1", 
    "index.blocks.write": true
  }
}

# Check shards allocation
GET /_cat/shards/INDEX*?v&h=index,shard,prirep,state,docs,node

# Shrink the index
POST /INDEX/_shrink/INDEX_shrunk
{
  "settings": {
    "index.routing.allocation.require._name": null,
    "index.blocks.write": null,
    "index.number_of_replicas": 1,
    "index.number_of_shards": 1 
  }
}

Check the fluentd documentation. May be you need to change an index template...

BTW did you look at Cloud by Elastic, also available if needed from AWS Marketplace, Azure Marketplace and Google Cloud Marketplace?

Cloud by elastic is one way to have access to all features, all managed by us. Think about what is there yet like Security, Monitoring, Reporting, SQL, Canvas, Maps UI, Alerting and built-in solutions named Observability, Security, Enterprise Search and what is coming next ...

sagar_rao · March 17, 2021, 5:32am

Hey Thank you for the reply

I dont want to change shard count for previous indexes . I only want to chnage the or restrict primary shard count to 2 for the new indexes which are going to come in. Is there a way to do that from elastic side. Or it should be done from fluentd end? Note: Fluentd is creating the index as the data coming into it.

Christian_Dahlqvist · March 17, 2021, 5:55am

You do that through an index template that matches the index names created by fluentd.

sagar_rao · March 17, 2021, 8:17am

How can i change the default value of shards in the cluster settings?

Christian_Dahlqvist · March 17, 2021, 8:18am

You need to use index templates.

sagar_rao · March 18, 2021, 9:57am

I used this index template

PUT _template/template_1
{
"index_patterns": ["te*", "bar*"],
"settings": {
"number_of_shards": 1
},
"mappings": {
"_source": {
"enabled": false
},
"properties": {
"host_name": {
"type": "keyword"
},
"created_at": {
"type": "date",
"format": "EEE MMM dd HH:mm:ss Z yyyy"
}
}
}
}

Now my indexes are not showing all the fields. should i also add fields to this index template.

If thats the case i cant some fields come in dynamically sometimes.

dadoonet · March 18, 2021, 12:48pm

Why did you disable the source field?

system · April 15, 2021, 12:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.