You can try if you like. ILM is a solution for you, and will help you to keep data for X days.
Another approach is to remove unnecessary fields, which may include the event and message fields. Of course it's good to have the error handling and keep the original message. It requires few additional lines.
Your elasticsearch service is getting killed, it is not running, you need to investigate why.
This will be logged in the system logged, you need to check on /var/log/syslog for any hint why the Elasticsearch service cannot start.
Try to start it again and check the log.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.