Greetings!
I plain to use elasticache with logstash.
Our production servers send about 20G of logs per day, so indexing server
may run out of disk space very soon.
On my current system (which I want to replace) I have a control over
indexed data rolling mechanism, i.e. I can configure it to archive the old
data and after a some period of time remove it completely from index DB.
Tried to search for an alternative configuration in elasticsearch, but with
no luck.
Can you please advise on what my options are ?
Apart from that you can use time based indices (per month), combine them
for search via aliases, and maybe delete them manually via a cronjob at the
beginning of each month, or even have a small monitoring script, which
checks the available space and then deletes the oldest data automatically
for now.
Greetings!
I plain to use elasticache with logstash.
Our production servers send about 20G of logs per day, so indexing server
may run out of disk space very soon.
On my current system (which I want to replace) I have a control over
indexed data rolling mechanism, i.e. I can configure it to archive the old
data and after a some period of time remove it completely from index DB.
Tried to search for an alternative configuration in elasticsearch, but
with no luck.
Can you please advise on what my options are ?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.