We are planning to define 2 kinds of indices for our event logging system based on Elasticsearch. The first one would contain the actually generated event logs, containing the timestamp of the event occurrence, as well as the unique event-identifier. The other index would contain detailed static information (several texts) about the event, for each event-identifier. It is possible that there are several such datasets, if several languages have to be supported in the project (the texts are defined in the different languages, for each language in its own index).
What aspects must be considered when designing the indices to get good performance when querying the combined information (with Kibana for instance), by joining the dynamic data from the time-based event logger index with the static information from the language-specific index? As the dynamically logged events should be stored in rolling indices created on a daily basis, it should also be possible to get performant queries for several days, involving even more indices in the query.