Mapping for multiple users (mapping conflicts)

I'm trying to implement mapping for multiple users without triggering mapping conflict errors for log data. As of now we have about a 1000 users storing data in the cluster for 30 days.

Right now we're storing data in a indice per day fashion (logs-Y-M-D). We parse json data in our logs automatically and store it, some users will use the same value for example json.time="July 1st 2019, 11:04:40.870" but another user might set a timestamp json.time=1561971916.

Should we switch to an incide per user per day (1000*30 indices) or are there other options?

Something I thought of is to store the json value in a per user variable for example USERID.json.time='timevalue'.

Anyone can help with this?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.