We have been asked different scenarios
For (1) it is actually the size of the "message"
My thought was to calculate size per message and then multiply by number of messages per day from the host
Is my understanding correct that the "message" field which comes into ES (if there was no alteration) is the original _raw data from the client system?
I'd may be use the mapper size plugin.
That would give you a raw idea of the size of every document.
Then if you filter by host and run a sum agg to the size field, that'd give you an idea of the size of the related documents.
thanks for that. may be not approved in our installation. Any other methods to find the size of _source field of already indexed fields?
I tried scrripts (using message.keyword, length) but all in vain
how about you do estimate. this is what I do.
run ingestion for a day from A system. after 24 hour I stop that.
go to index management and check the size and document count.
size/count = your single document size.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.