I have a question about the creation of a single index or multiple indexes.
I am dealing with computer vulnerabilities, so I save the information of the files in a single index and then I compare those files with another database where I have saved the vulnerable files, with their version, score and corresponding cve.
After that step I update the index by filling in new fields inside the same index. My question is, is it better to process the data in the same index or is it better to divide it in several indexes?
Then I show the data in a dashboard, then when processing data when I have a lot of data, I do not know if it would be better that all the data are in the same index or several.
I hope you can help me, I am new using Elasticsearch and I still lack experience with the tool to be able to solve certain questions.
Thank you very much for everything, sorry for my English, but I have helped me with a translator.
How many documents do you have?
Do you want to save history to show trends? Compare values from different times?
It really depends on your solution requirements.
Cheers!
Good afternoon,
I am going to process a lot of documents, because the project is for companies, to detect vulnerabilities of all the computers of a company.
I want to save the history, both current and from different years.
Thank you very much for the information. With that I have been able to create my indexes well and I have come to the conclusion that it was better to process all the information within the same index and put several temporary variables, to be able to get statistics.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.