Hi All,
I had configured ELK stack deployed in Kubernetes and there are multiple components deployed and logs will be stored using ELK. On an average , per day index size is 30GB and how couple of weeks I can see my indices size is showing as 120gb.
How can I findout which application sends more number of logs to ELK stack?
Regards
VK
Depending on where you see "index size", it may include primary and replica shards. So if you have 30G of ingest and 2 replicas, 30G x 3 would be 90G.
Use Kibana Discover and Visualize to study your data, like events per host.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.