Fit size of filebeat

The_Guaz · March 3, 2021, 12:53pm

Hi,

Generally filebeat mapping creating a lot of unused fields in my elasticsearch environment. I wonder, because size of the logs are excessivelly large (around 5-6 GB per day). Can I somehow delete unused mapping from index? Because if this is DB-like, I don't need table where every record contains around thousand nulls. How can I fit it, or it isn't use additional disk space?

Please correct me if I am wrong, but for comparrison, the same logs from the same source in wazuh weight like 8-10 times less.

Thanks in advance for reply and have a good day

mtojek · March 4, 2021, 9:38am

There is a similar product called Fleet that uses a different model of setting fields. It will configure only those fields that you're using.

Topic		Replies	Views
[Filebeat] Huge mapping (nearly 5k fields) when ingesting logs Beats filebeat	3	607	November 13, 2020
Index Space Utilization On Elastic Nodes Elasticsearch	14	302	April 19, 2024
Filebeat, Mapper Plugin & Adding _size to all new logs Beats filebeat	1	330	September 25, 2019
ELK cluster disk space usage optimization Elasticsearch	9	2584	July 5, 2017
Index data size is too big Elasticsearch	5	5789	October 18, 2017

Fit size of filebeat

Related topics