Hi all,
I have a basic set up. The stack is installed on a Windows 2012 box. I have only configured it to take windows logs through winlogbeat. I have not configured any other settings.
I am ingesting from 3 assets: 2 remote and itself.
I started looking into the concepts of Index and Shards as a result I check what my current solution looked like.
Is it normal for the stack to create this many Indexes for such a small set up?
Would it be better to create one index because the log types are the same?
Thanks