Hi,
in our project we are using a multitenant cluster where several applications are logging to it with weekly log indices.
We are facing now a problem because some of these applications are creating very big indices of logs saturating our disk space. We cannot increase our disk storage because it is a fixed size.
Is there any possibility to create "quotas" in order to limit in some way the quantity of logs each application can create? There is any solution or alternative that Elasticsearch can provide in this kind of situation?
Thanks
Welcome to our community! 
Not natively, no.
You can look to split indices by user, then use [ILM]ILM: Manage the index lifecycle | Elasticsearch Guide [8.11] | Elastic) to manage retention.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.