Hi. I collect multiple logs from multiple machines - it's about 15-20 GB daily.
I am wondering if I should create different index for every server of for every file to make searching faster.
Should I also create separate type for every server?
Now all my records have _type=log and indexlogstash-YYY.MM.dd
No, just use the hostname to filter on, you don't need to get much more complex than that at these volumes.
If a server was doing 10's of GBs, then you'd consider moving it.
Adding to this that types will be removed in the future so I would yet use one single type per index.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.