Converting from single index to index per time frame schema

Elastic Stack Elasticsearch
1

Hi,

Please help me to continue

We get around 30 million records per day in our database server. Presently, we were saving this data in a single index. As data keeps growing, now we are now facing slowness and memory full issues whenever we try to search something from the index. Hence, I wanted to move from single index to index per time frame.

My present index schema is

PUT event
{
                    "settings": {
                        "analysis": {
                            "normalizer": {
                                "lc_normalizer": {
                                "type": "custom",
                                "char_filter": [],
                                "filter": ["lowercase", "asciifolding"]
                                }
                            }
                        }
                    },
                    "mappings": {
                            "events": {
                            "properties": {
                                "idx":              { "type": "keyword","index" : "true" },
                                "scrip":            { "type": "integer", "index" : "true" },
                                "entered":          { "type": "date"   , "index" : "true"  , "format": "strict_date_optional_time||epoch_millis" },
                                "enteredDate":      { "type": "keyword"   , "index" : "true"},
                                "serverDate":       { "type": "keyword"   , "index" : "true"},
                                "customer":         { "type": "keyword", "index" : "true" },
                                "machine":          { "type": "keyword", "index" : "true" }
                            }
                        }
                    }
                }

Please suggest how to create schema in elastic search to achieve index per time frame.

I have written a code using nested type and in this one I want to save each day's data in a nested block. Let me know if this a correct way.

PUT event_june
{
	"settings": {
		"analysis": {
			"normalizer": {
				"lc_normalizer": {
					"type": "custom",
					"char_filter": [],
					"filter": ["lowercase", "asciifolding"]
				}
			}
		}
	},
	"mappings": {
		"events": {
			"properties": {
				"29062018": {
					"type": "nested",
					"properties": {
						"idx": {"type": "keyword","index": "true"},
						"scrip": {"type": "integer","index": "true"},
						"entered": {"type": "date","index": "true","format": "strict_date_optional_time||epoch_millis"},
						"customer": {"type": "keyword","index": "true"},
						"machine": {"type": "keyword","index": "true"},
					}
				},
				"30062018": {
					"type": "nested",
					"properties": {
						"idx": {"type": "keyword","index": "true"},
						"scrip": {"type": "integer","index": "true"},
						"entered": {"type": "date","index": "true","format": "strict_date_optional_time||epoch_millis"},
						"customer": {"type": "keyword","index": "true"},
						"machine": {"type": "keyword","index": "true"},
					}
				}
			}
		}
	}
}
2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.