I am running ELK stack on a single node Windows 2012 R2 server. It was working well until after deploying several winlogbeat clients (about 60 total) at once. The server seemed to be overloaded trying to process all of the logs, so I added RAM and it has been a couple of weeks now and never recovered. I can still search but it is slow and times out most times, but the server performance itself looks to be fine with 4 cores and 64GB of RAM. I read that archiving older indices onto an external drive would help, but I could not find anything through my research explaining how to do this. Any help would be greatly appreciated.
You can't really do what you're asking.
It'd be either you taking a snapshot of older indices and storing them on that disk, or setting up another node with that disk as it's data path.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.