Logging indices for separate websites

bram · September 29, 2020, 1:10pm

Hey,

We're running multiple webshops on the same application. And we're logging some API calls we're making (with separate index for each logging use-case). We have one shared logging elasticsearch cluster.
But for the cluster, is it better to have one index with documents from all the webshops, or to split them up with one index each (still separating the separate logging use-cases)?

At the moment we have them split up:
shopA-apiX-logging-2020.08
shopB-apiX-logging-2020.08
shopA-apiX-logging-2020.09
shopB-apiX-logging-2020.09

But with ~10 different webshops, the amount of indices on our cluster keeps growing. While the indices are not that big.
Biggest index is 2.1gb, but the median is at 98mb.

Christian_Dahlqvist · September 30, 2020, 6:49am

Having lots of small indices and shards is inefficient and can cause problems, so I would probably recommend consolidating indices. Another way might be to have a monthly index per user rather than per application.

warkolm · September 30, 2020, 10:10pm

Look at using ILM to manage the rollover process.

system · October 28, 2020, 10:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is greates store logs into one indice or store in N small indices? Elasticsearch	5	293	July 29, 2021
When should you split your indexes? Elasticsearch	9	8459	July 6, 2017
Index houskeeping (ILM) Elasticsearch rollups	6	421	March 7, 2022
Create new index or use the existing for small but different purpose source logs? Elasticsearch	2	497	July 5, 2017
Splitting index into smaller ones Elasticsearch	5	3619	July 6, 2017

Logging indices for separate websites

Related topics