Logging indices for separate websites

bram · September 29, 2020, 1:10pm

Hey,

We're running multiple webshops on the same application. And we're logging some API calls we're making (with separate index for each logging use-case). We have one shared logging elasticsearch cluster.
But for the cluster, is it better to have one index with documents from all the webshops, or to split them up with one index each (still separating the separate logging use-cases)?

At the moment we have them split up:
shopA-apiX-logging-2020.08
shopB-apiX-logging-2020.08
shopA-apiX-logging-2020.09
shopB-apiX-logging-2020.09

But with ~10 different webshops, the amount of indices on our cluster keeps growing. While the indices are not that big.
Biggest index is 2.1gb, but the median is at 98mb.

Christian_Dahlqvist · September 30, 2020, 6:49am

Having lots of small indices and shards is inefficient and can cause problems, so I would probably recommend consolidating indices. Another way might be to have a monthly index per user rather than per application.

warkolm · September 30, 2020, 10:10pm

Look at using ILM to manage the rollover process.

system · October 28, 2020, 10:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is greates store logs into one indice or store in N small indices? Elasticsearch	5	293	July 29, 2021
When should you split your indexes? Elasticsearch	9	8453	July 6, 2017
Index houskeeping (ILM) Elasticsearch rollups	6	421	March 7, 2022
What is better. Monthly Indices or 1 Index with more shards? Elasticsearch	5	1120	October 17, 2020
One large index vs. many smaller indexes Elasticsearch	5	10608	July 6, 2017

Logging indices for separate websites

Related Topics