Facing some challenges with elastic storage in the cloud

I am facing some challenges with elastic storage in the cloud. Is there any way to transfer unwanted logs directly to frozen storage to reduce hot storage consumption?

Hi @Fayis_Vadakkan

Assuming you're talking about Elastic Cloud... No, incoming data needs to land on hot first before moving to Frozen, but you can make the time it stays on hot relatively short.

How many GB/day are you talking about?

Thank you for the reply!!
Actually, I am planning to host Elasticsearch on AWS self-managed. Therefore, I need to minimize the maximum cost. What is the best method to reduce costs for a Security Operations Center?

50 GB/Day

| Tier | Duration |
|---|---|
| Hot Tier | 7 days |
| Warm Tier | 33 days |
| Cold Tier | 50 days |
| Frozen Tier | 285 days |

It depends on your needs.
We have many customers that don't keep any data in warm and just move straight to cold then Frozen. We also have a number of customers that go directly from Hot to Frozen... which is perfectly valid.

You will have to play with your ILM policies and make sure they still meet your requirements. And that might be easier in Elastic Cloud.

Perhaps you should consider something like

50 GB/Day

| Tier | Duration |
|---|---|
| Hot Tier | 3 days |
| Warm Tier | 0 days |
| Cold Tier | 27 days |
| Frozen Tier | 335 days |
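The 3/0/27/335-day split suggested above, turned into an ILM policy body, as an added example that is not code from this thread or from Elastic. The repository name, the rollover thresholds, and the delete phase at the end of the frozen duration are assumptions.

```python
import json

# Tier durations in days, from the suggestion above (warm is 0 days, so it is skipped).
TIER_DAYS = [("hot", 3), ("warm", 0), ("cold", 27), ("frozen", 335)]
DAILY_GB = 50

def build_ilm_policy(tier_days, repository="my-snapshot-repo"):
    """Translate per-tier durations into an ILM policy body.

    ILM min_age is cumulative (measured from rollover when rollover is
    used), not a per-tier duration, so each phase starts at the sum of
    the durations before it. `repository` is a placeholder name for a
    snapshot repository that must already be registered.
    """
    phases, elapsed = {}, 0
    for name, days in tier_days:
        if days > 0:
            phase = {"min_age": f"{elapsed}d", "actions": {}}
            if name == "hot":
                # Assumed rollover thresholds; tune to your shard sizing.
                phase["actions"]["rollover"] = {
                    "max_age": "1d", "max_primary_shard_size": "50gb"}
            elif name == "frozen":
                # Frozen data is served from a searchable snapshot.
                phase["actions"]["searchable_snapshot"] = {
                    "snapshot_repository": repository}
            else:
                # Warm/cold: move shards to that tier's nodes.
                phase["actions"]["migrate"] = {}
            phases[name] = phase
        elapsed += days
    # Assumption: data is deleted once the frozen duration has passed.
    phases["delete"] = {"min_age": f"{elapsed}d", "actions": {"delete": {}}}
    return {"policy": {"phases": phases}}

def tier_volume_gb(tier_days, daily_gb):
    """Raw ingest volume resident per tier at steady state
    (before replicas, compression, or index overhead)."""
    return {name: days * daily_gb for name, days in tier_days}

if __name__ == "__main__":
    print(json.dumps(build_ilm_policy(TIER_DAYS), indent=2))
    print(tier_volume_gb(TIER_DAYS, DAILY_GB))
```

The printed body can be sent with `PUT _ilm/policy/<policy-name>`. Because `min_age` counts from rollover, the oldest events in an index sit on hot for up to the rollover `max_age` longer than the nominal hot duration.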

Thank you so much for your reply. Could we receive professional support from the Elastic team to deploy our Elasticsearch on AWS?

Did you look at Cloud by Elastic, also available if needed from AWS Marketplace?

Is that what you meant by "deploy our Elasticsearch on AWS"?

We need the UAE location, but unfortunately, it is not in the UAE region.

So you want to deploy this by yourself, right?
If you want to have professional support for this, you will need to buy a commercial license.

I'd ask then for a quotation from the sales team, which you can do from this page: Have questions? Contact Elastic | Elastic

HTH
