Purpose and usage of index at ES

Hi,

I am using ES version 6.7.0. I am sending to ES, so I created an index every day.

I just want to know the purpose and usage of an index in ES.
Which is the best way to store logs: per day or all in one index?

Thanks in advance

From my point of view it is good to create an index per day. So if you want to delete data older than 1 month, you just need to delete the indices which are older. This gets complicated if you have all the data in one index. For cleaning up the indices you can use Curator.

But let me also tell you the advantage of Index Lifecycle Management. This feature allows you to manage indices depending on a policy which you can define. For example, create a new index if the index is 20gb or 2 days old. I can highly recommend this feature.
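
As an added example (not part of the original replies, and not Curator's own code), the sketch below shows why per-day indices make retention simple: the index name alone decides what is expired. The `logstash-YYYY.MM.DD` naming scheme, the 30-day window, the function name and the sample listing are assumptions made for the illustration.

```python
import re
from datetime import date, datetime, timedelta

# Assumed naming scheme: <prefix>-YYYY.MM.DD, one index per day.
DAILY_INDEX = re.compile(r"^(?P<prefix>.+)-(?P<day>\d{4}\.\d{2}\.\d{2})$")


def expired_indices(names, today, retention_days=30, prefix="logstash"):
    """Return the daily indices older than the retention window, oldest first."""
    cutoff = today - timedelta(days=retention_days)
    expired = []
    for name in names:
        match = DAILY_INDEX.match(name)
        if not match or match.group("prefix") != prefix:
            continue  # not one of our daily log indices: never select it
        try:
            day = datetime.strptime(match.group("day"), "%Y.%m.%d").date()
        except ValueError:
            continue  # date-shaped but invalid (e.g. month 13): leave it alone
        if day < cutoff:
            expired.append((day, name))
    return [name for _, name in sorted(expired)]


# Constructed sample listing, in the shape of `GET _cat/indices?h=index` output.
SAMPLE_INDICES = [
    "logstash-2019.05.15",
    "logstash-2019.04.14",
    ".kibana_1",
    "logstash-2019.04.15",
    "metricbeat-2019.03.01",
    "logstash-2019.13.40",
    "logstash-2019.04.01",
]

if __name__ == "__main__":
    # With today = 2019-05-15 and 30 days of retention the cutoff is 2019-04-15.
    for index in expired_indices(SAMPLE_INDICES, today=date(2019, 5, 15)):
        print("would delete:", index)
```

Each returned name can be removed as a whole index, which is far cheaper than deleting individual documents by date from one large index. System indices and other prefixes are never selected.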
