Disk Usage problem

since1976 · November 13, 2020, 6:28am

Hi,

A bit of background in our environment, our logstash is installed with elastiflow. 1 cluster of 4 nodes elasticsearch with 2 P and 2 R in 2 zones. The setup is collecting logs from 2 WAN routers with netflow configured.

We find that the disk usage is about 40GB per day in the elasticsearch node. Compression is already set to L4Z. What else can we do to improve the disk usage?

Here are our thoughts.

Logs from routers to send at 2 minutes interval instead of 30 seconds
Remove raw data from elastiflow (We did and did not notice any significance)

Can anyone suggest any better ways?
Like removal of indices if they are not in use (But how do we know which indicies and how to remove)?

warkolm · November 16, 2020, 12:04am

Welcome to our community!

Have you optimised your mappings? What version are you on?

since1976 · November 16, 2020, 5:22am

Thanks, it's 6.5.4
How does mapping work?

Christian_Dahlqvist · November 16, 2020, 5:26am

I would recommend you read this section in the documentation.

system · December 14, 2020, 5:26am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Reducing Disk Space Requirements/ Deduplication? Zipping? Elasticsearch	5	2235	July 6, 2017
ElasticSearch index size peculiarity Elasticsearch	2	660	July 6, 2017
Elasticsearch Disk space issues Elasticsearch	5	3411	June 1, 2017
Reducing disk space Elasticsearch	2	2653	November 8, 2019
Elastic causes very high disk usage with minimal data Elasticsearch	6	2285	August 23, 2022

Disk Usage problem

Related topics