Hi,
Most of my system is dragging, especially when running large queries... Does my data seem out of control? I only have 12 winlogbeat clients pushing event logs into the stack..
elasticsearch
2 nodes
1,269 indices
12,674 shards
5,751,097 docs
10.59GB
Given the cluster size and data volume you have far too many shards. Have a look at this blog post for some practical guidelines.
I saw that but it does not say how?
One way is to use the shrink API to shrink each index down to a single primary shard, but that only reduces the shard count by a factor of 5 if we assume default settings have been used. You probably need to reduce the shard count by more than that, and may therefore need to reindex your data and perhaps go from daily indices to monthly ones (possibly with a single primary shard).
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.