Fit size of filebeat

The_Guaz · March 3, 2021, 12:53pm

Hi,

Generally filebeat mapping creating a lot of unused fields in my elasticsearch environment. I wonder, because size of the logs are excessivelly large (around 5-6 GB per day). Can I somehow delete unused mapping from index? Because if this is DB-like, I don't need table where every record contains around thousand nulls. How can I fit it, or it isn't use additional disk space?

Please correct me if I am wrong, but for comparrison, the same logs from the same source in wazuh weight like 8-10 times less.

Thanks in advance for reply and have a good day

mtojek · March 4, 2021, 9:38am

There is a similar product called Fleet that uses a different model of setting fields. It will configure only those fields that you're using.

system · April 1, 2021, 11:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[Filebeat] Huge mapping (nearly 5k fields) when ingesting logs Beats filebeat	3	520	November 13, 2020
While shipping the server logs through filebeat to elasticsearch via logstash , most of the entries are missing Beats filebeat	3	585	September 23, 2019
How to remove filebeat (index/Data) to reclaim space Elasticsearch	1	486	October 30, 2019
Filebeat large files Beats	5	1836	July 5, 2017
Filebeat failed to insert too much log Beats filebeat	2	296	December 7, 2020

Fit size of filebeat

Related topics