Hi, the local storage on my ELK stack is 95% full and I can no longer see logs in Elastic. I just wanted some advice on how best to reduce the storage on the local disk please and start using Elastic again. I don't really want to add more storage to my EC2 instance because in about a month I will have the same problem again.
Are you deleting older indices? That'd be where I'd start.
I'm not, no. I'm new to ELK and Elastic, so I'm not sure how to delete the older indices. If I did delete the older indices, would that affect the searching of older logs?
Yes because they won't exist in Elasticsearch.
But unless you can add more disk space to the host, that's the only real alternative.
Delete index API | Elasticsearch Guide [8.11] | Elastic goes into it
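To make the trade-off in the reply above concrete, here is an added example (not part of the original thread) that turns `_cat/indices` output into a list of Delete index API calls and shows how much disk they free and which date range stops being searchable. The index names, sizes, dates and the 45-day retention are constructed, and it assumes each index's creation date is a fair proxy for the age of the logs it holds.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of: GET _cat/indices?h=index,creation.date,store.size&bytes=b
# (index names, dates and sizes are invented for illustration)
SAMPLE_CAT_OUTPUT = """\
filebeat-2023.09.01 1693526400000 21474836480
filebeat-2023.10.01 1696118400000 32212254720
filebeat-2023.11.01 1698796800000 16106127360
logstash-2023.11.20 1700438400000 5368709120
.kibana_1           1690000000000 52428800
"""

def parse_cat_indices(text):
    """Return (name, creation time, size in bytes) for each row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed rows
        name, created_ms, size = parts
        created = datetime.fromtimestamp(int(created_ms) / 1000, tz=timezone.utc)
        rows.append((name, created, int(size)))
    return rows

def plan_deletions(rows, now, keep_days):
    """Pick indices created before the retention cutoff, oldest first."""
    cutoff = now - timedelta(days=keep_days)
    doomed = [r for r in rows
              if r[1] < cutoff and not r[0].startswith(".")]  # never touch system indices
    doomed.sort(key=lambda r: r[1])
    freed = sum(size for _, _, size in doomed)
    return doomed, freed, cutoff

if __name__ == "__main__":
    now = datetime(2023, 12, 1, tzinfo=timezone.utc)  # fixed so the output is repeatable
    doomed, freed, cutoff = plan_deletions(parse_cat_indices(SAMPLE_CAT_OUTPUT), now, 45)
    print(f"Logs before {cutoff:%Y-%m-%d} will no longer be searchable")
    for name, created, size in doomed:
        print(f"DELETE /{name}    # created {created:%Y-%m-%d}, {size / 2**30:.1f} GiB")
    print(f"Frees about {freed / 2**30:.1f} GiB")
```

The script only prints the plan; the `DELETE /<index>` lines are the requests you would then send yourself once the retention window is agreed.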
Ok thanks for the document. If I do add more disk, in a month or so it will just fill up again, can I enable something like logrotate?
You probably want to look at implementing ILM to manage that for you.
Thanks. I have created the ILM, not sure how to apply it? I have logstash and filebeat. All of my logs come in from AWS EFS drives.