We are running ECK and we are trying to implement the best practices (metrics/metricbeat) and use a small dedicated cluster for monitoring.
Before separation, with monitoring enabled, we had a 7 special indices (something like .es-monitoring-YYYY.MM.dd) - each represents a day in the last week.
Now, after implementing the "external monitoring" cluster, everything works, but we have a strange indices that store data for more than a day and we have only two of them, looks like: .ds-.monitoring-es-8-mb-2023.05.26-000007
What does the ds represents?
Why isn't that index per day as before?
Is there anything to be worry about or is that ok?
This means that this is a backing indice for a data stream, it is how the beats store data now.
You can check on your monitoring cluster, go to Index Management under Stack Management and look at the Data Streams tab, there you will see the data streams and the backing indices.
Elastic changed from normal indices to data streams, and the beats data streams also have a default Index Lifecycle Policy associated to rollover and delete the data after some time.
No, you only need to check the default policy for how many days the data will be kept in the monitoring cluster and if you have disk space for that.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.