Cross indexes aggregations - should I worry?

itaydvir · September 28, 2016, 10:10am

Hello,

I'm writing an analytics system based on elasticsearch 2.3 and I'm trying to decide which approach to use: one index for all documents OR multi indexes (index per month).
Since I'm doing aggregations on date range (max 6 months back) - I'm afraid It might have performance issues with cross indexes aggregations... I couldn't find an answer on the internet, so I decided to ask here.
I'm expecting to have about 3M documents per month at the beginning.
and I assume that most aggregations will have a date range of 2 months (will have to access 2 indexes in case of multi-index solution).

So, what would you do?

One index of ~90M documents + add deletion plugin for cleanups
Creating 12 indexes (easy monthly documents cleanup)

Thanks in advance

warkolm · September 29, 2016, 11:44pm

I'd never, ever do 1. The cost in doing that delete-by is way too high if you can avoid it.
Go with 2.

The cost of cross querying doesn't matter, take a look at the bottom of this page;

Searching one index that has five primary shards is exactly equivalent to searching five indices that have one primary shard each.

Topic		Replies	Views
Optimizing Performance and Managing Daily Data Updates in Elasticsearch with Multiple Indices Elasticsearch	3	87	March 29, 2024
Small vs Large indices Elasticsearch	7	7819	July 5, 2017
Modeling index for aggregation performance Elasticsearch	4	666	July 6, 2017
Guidance on Using Multiple Indexes vs One Index for Time Series Data from Multiple Sources Elasticsearch	11	8998	July 5, 2017
Elastic search, multiple indexes vs one index Elasticsearch	7	3154	July 5, 2017

Cross indexes aggregations - should I worry?

Related Topics