I want to split the existing index to daily index

Rohit_Kumbhar · January 8, 2021, 6:58am

Hello,

I want to split the existing index of size 200gb into daily index, That index has data of 1 month.
I have setup of 8 core cpu and 16gb ram.
what query should I write on dev tools or is there any other way to execute this.
and how much time will it take to split the index.

I have tried this using logstash.
I took input as elasticsearch index and gave output according to the daily index.
but it takes a lot of time around 20 hours to split the 8 gb index after this the total size of daily indices increased more than 8 gb.

Please provide solution for this activity.
Kindly help.
Regards Rohit

myspacebarisbroken · January 9, 2021, 7:15am

Hi Rohit,

I can't answer the first part, but you can use the rollover API to create daily a new daily index when conditions are triggered: https://www.elastic.co/guide/en/elasticsearch/reference/master/indices-rollover-index.html

But you could try creating a new index, then using the reindex API on certain date ranges and so forth.

warkolm · January 11, 2021, 12:14am

Try using the _reindex API in Elasticsearch, with a timerange query to split things out.

Rohit_Kumbhar · January 12, 2021, 6:00pm

Thank you for your response,

I tried _reindex API Already but it also takes too much time to create index for this huge data

Christian_Dahlqvist · January 12, 2021, 6:16pm

Why are you looking to split the index? Is it due to query performance?

Which version of Elasticsearch are you using?

How many primary and replica shards does the index have?

ylasri · January 12, 2021, 6:56pm

You can use _reindex with a painless script to change dynamically the index name based on the date of the event, something like this should work

POST _reindex?wait_for_completion=false
{
  "source": {
    "index": "source-index-name"
  },
  "dest": {
    "index": "destination-index-name"
  },
  "script": {
    "source": """
    
        def inputFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
        def myDate = inputFormat.parse(ctx._source['@timestamp']);
        
        def outputFormat = new SimpleDateFormat("yyyy-MM-dd");
        def outputDay = outputFormat.format(myDate);
        
        ctx._index = "destination-index-name-" + outputDay;
"""
  }
}

ylasri · January 12, 2021, 8:08pm

You can also explore this processor inside an ingest pipeline when reindexing

system · February 9, 2021, 8:08pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Splitting a single index into daily indices Elasticsearch	5	3639	July 5, 2017
How to split an existing large index into many smaller ones? Elasticsearch	1	361	August 13, 2019
One large index vs. many smaller indexes Elasticsearch	5	10613	July 6, 2017
Elasticsearch Index Rollover Elasticsearch	4	386	November 27, 2019
Splitting the elastic index to am and pm Elasticsearch	8	642	August 7, 2017

I want to split the existing index to daily index

Related topics