Hello,
I recently tried to reindex 40ish smaller indexes into on big index for better distribution. reindexing was going fine I was watching the process on monitoring ui, and the task was ok no failed shards. After quite sometime almost 6 hours, the indexing was half way done. Our unix admin sends us an email about a disk alarm, I went into the machine which indeed had the primary shard of the destination index, I was reindexing to. I tailed the last audit.json file which is now 25 GBs and found out the machine constantly logs bulk write requests into its audit logs, I cancelled the task since we did not have enough space on the machine for further logging.
Do elastic have a way of not logging a certain task under auditing can we give a parameter to cancel logging? or do i need to exclude that action from audit logs and restart each node to be able to finish this reindex without exploding my disks?
Best regards.