I have a Log stream to ES indices that roll daily and i need to store 90 days of data.
How can i setup a dashboard that searches data from last two days. And then when needed extrapolate to old dates when needed.
Currently i have index pattern set to log* and dashboards takes few minutes to show up, and i believe it is searching across all indices even when it is looking for last hour data. i want to improve user experience with dashboards. Any help.
You have to set the time in the timepicker (top right of the screen) and ES will only search in the indices that have data from that time span.
What version of ES/Kibana are you using?
ES/Kibana version 5.4.2
so how would ES know not to look in old indices as index pattern would match all dates.
There is a search phase in ES that checks to see if a query can match on a shard before doing the actual search. I think it was introduced somewhere around 5.6, probably why you're seeing the performance hit in your case.
Can you please confirm thats the case.. so atleast some references to what i need to search in release notes or documentations
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.