ElasticSearch 5.2.2 Retention Period - Clarification

titan1978 · January 29, 2018, 1:12am

Hello

Reading through a few forums I've come across TWO separate opinions on ElasticSearch's DEFAULT Retention Period. One indicated its 7 days whilst another Indicated its unlimited and one would manually need to DELETE or CLOSE older indices. Which one of these is the accurate statement? Also, in 5.2.2 what would be the preferred approach to maintain older indices?
My requirement is to maintain 365 days worth of data. On an average, each timestamp would store 5 KB worth of data, almost 20000 of each data per day. I'm curious, does Elastic Search support any data compression (seeing its all text) but allow real time searches as well ? - we can tolerate some performance dip

warkolm · January 29, 2018, 1:41am

Elasticsearch has a default retention period of nothing in that you need to decide how long to retain for. In practise that means it will retain everything forever as it just considers it data in indices.

The Monitoring functionality in X-Pack keeps things for 7 days by default.

titan1978 · January 29, 2018, 1:58am

I had to read about x-pack a bit - So X-PACK, if Installed, Overrides the retention period by default by deleting any indices 7 days and older?

warkolm · January 29, 2018, 2:40am

Only for data that is generated by the Monitoring functionality. Nothing else.

system · February 26, 2018, 2:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.