I have an ELK-stack configured on a bunch of servers. For now we only have one master node and using Logstash on each serv to ship the logs.
I created indices as follow:
Now I want to create policy or rollup jobs (I guess) to check if there is less than 10 docs in one shard merge this to another one or if logstash send a log older than one month freeze the index.
I am not sur how I have to process with that.
Thanks for your help.