i've been using ES for about 2 yrs, never need to really store anything long term, so alias's and rollovers were never needed. I understand the concept, but cant seem to find any good resources in a walk-through or best practices.
what i'm trying to do is basically only keep 90 days worth of my firewall logs and 30 days worth of metricbeat logs.
Any resources or pointers would be appreciated.
Thank you
Darrell
yes, i guess it all goes together. you need an alias to get ILM working?
That is part of it, yes.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.