We're thinking about having all our logs go to Elasticsearch: one document per log entry.
How should we expect Elasticsearch to perform at about 10**9 small documents of about 150 characters each, across about 30 shards?
Does it matter if we're doing a single, indexed document lookup, or if we're looking at every record in an index?
That is, is Elasticsearch closer to OLTP or Data Warehouse? Or dare I hope: is it good for both?
Also, what is the approximate storage overhead incurred by the indices for that many small documents?