Hello, I created an instance in Elastic Cloud, and I used Fleet to install Metricbeat, Endpoint Security, etc.

My instance started 1GB of RAM, and was costing me $40 a month or so. Now, it is costing me about $300 a month because Elastic Cloud by default, doesn't come with any Index Lifecycle Policies, data comes in and it just keep filing the disk, and I have to increase capacity.

It is a pain to delete data manually. So now I'm looking at creating an IL Policy, but there are TONS of Index Templates to associate the policy to:

image1387×448 58.5 KB

How did you guys go about having a decent lifecycle policy for Elastic Cloud and Fleet?

What version are you using?

Because by default, Fleet uses datastreams, which also use ILM - Data streams | Fleet and Elastic Agent Guide [7.15] | Elastic

I'm using v7.15.2.

When I look at the built-in ILMs, I see the following:

image320×813 21.7 KB

It's unclear which ones I should modify to, say, keep the beats and endpoint security data for no more than 2 weeks, should I go through all of them and set a delete action?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.