Index pattern type in Elasticsearch

Ganesh2303 · September 10, 2020, 1:43pm

HI Team,
I would like to take some suggestion to create index pattern in ELK.

As per my current configuration in production, i'm index data in ES by monthly index with 1 Primary Shard and 2 replicas.

Due to that i was faced below in ES,

" Elasticsearch throwing number of documents in the index cannot exceed 2147483519"

To avoid such issue i would to break monthly into weekly or Day basis.

I need your input which approach is best approach in production.

Looking forward your inputs on this query

lzukel · September 10, 2020, 2:20pm

There are a lot of factors at play.

You could increase the number of primary shards for your index, which would allow you 2^31 documents per primary shard.
You could goto a weekly index ~4 times the amount of shards you currently have per month
You could goto a daily index ~30 times the amount of shards you currently have per month

Which is best is going to be based on many factors, including but not limited to:
Your cluster architecture, number of nodes, indexing pressure, read pressure, number of cpus available, amount of heap and ram available, speed of disks... The best approach would be to test, test, and test again.

Ganesh2303 · September 10, 2020, 2:27pm

I have below setup,

3 master node, 3 data node

total        used        free      shared  buff/cache   available
Mem:       65808032    35851440      367148        7704    29589444    29416536
Swap:       2097148      586240     1510908

How to increase the shards value in index

system · October 8, 2020, 2:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.