A coworker of mine brought up that we may want to look into reindexing Elasticsearch data on a regular basis due to items being deleted or whatever the case (daily or weekly), but I am not sure that is the best way to handle Elastic Stack. From what I have found, it seems like I should only be reindexing data when I want to put the data into a new index, like from "logstash" index to "windowsevents" index to have that index only contain Windows events for example, and when upgrading to major versions.
There are many reasons why you want to reindex, i.e. since indices are only supported for 2 major versions. Yet, if you keep on updating your index to keep it in sync with your deletes, there is no reason to reindex. ES can cope with deletes and merges them away in the background. You may also reindex in situations when you change your indexing chains / analyzers.