ILM Policy Clarification

gbandasha · November 5, 2022, 7:48am

Hello Team,

Firstly I would like to define my flow, my setup uses all three components ELK, and the data is sent from a Big Data Platform to Kafka from which logstash reads and sends it to elastic. So I planned to setup the ILM Policy at the logstash level.

I have two questions

I am processing historical data and when I send the past 5 years' worth of data all is kept in HOT index because the @timstamp is today. How can I make it cold based on the date inside the file ?
Below is what I have setup at the logstash config level but I have noticed that when I send all historical months the index doesn't get rollover all stays in the HOT phase.

ilm_rollover_alias => "as-client-trans" ilm_pattern => "{now/M{yyyy.MM}}-000001" ilm_policy => "test" document_id => "%{unique_id}"

Regards,
Guru

warkolm · November 7, 2022, 3:28am

Yes. The best way to do that would be to ingest the data by age, then manually migrate the indices with the older data indexing is done
That's probably related to point 1 above, and will depend on your policy

gbandasha · December 4, 2022, 10:37am

So I need more clarity on when you say manually migrate the indices, do you mean first send the data into seperate indices by month and year , like transaction_2022_01, transaction_2022_02 , transaction_2022_03 ... and then how to manually set it to cold phase ?

warkolm · December 4, 2022, 9:07pm

gbandasha · December 5, 2022, 10:00am

I will try that, thanks @warkolm

system · January 2, 2023, 10:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.