Hi,
I have an index keeps on indexing docs which are my server logs (e.g. user activities, transaction activities, system jobs, etc).
And my server needs to later query back ES by doc_id to get a transaction's info. Should I directly query the original index?
If I create a new index, only put transaction doc to it (clone in logstash) and query the index, is it good practice to optimize search performance?
Thanks,
Michael