Hi,
I want to combine network data (based on scr/dst/port) to an aggregated index after 20 days. This to decrease the disk usage of this indices but still have the combined data available for specific searches.
I'm checking the rollup and transform functionality. Does anyone has experience with this kind of setup? What is the most advisable to use?
br
Sören