Hi folks,
I want to archive the _size field (along with some other fields such as kubernetes.namespace) in a dedicated archive index. From here I have learned that this could be done using Roll Ups.
However I am not sure how I can configure it. I can see in the roll up UI in kibana, that some documents have been "considered" but I see 0 documents in my archive index.
This is my roll up job config:
{
"config": {
"id": "archive",
"index_pattern": "my-index-*",
"rollup_index": "archive",
"cron": "0 * * * * ?",
"groups": {
"date_histogram": {
"fixed_interval": "5m",
"field": "@timestamp",
"delay": "1m",
"time_zone": "UTC"
},
"histogram": {
"interval": 5,
"fields": [
"_size"
]
},
"terms": {
"fields": [
"kubernetes.namespace"
]
}
},
"metrics": [
{
"field": "@timestamp",
"metrics": [
"max",
"min",
"value_count"
]
},
{
"field": "_size",
"metrics": [
"avg",
"max",
"min",
"sum",
"value_count"
]
}
],
"timeout": "20s",
"page_size": 1000
},
"status": {
"job_state": "started",
"current_position": {
"@timestamp.date_histogram": 1643907600000,
"_size.histogram": null,
"kubernetes.namespace.terms": null
},
"upgraded_doc_id": true
},
"stats": {
"pages_processed": 92,
"documents_processed": 2178506,
"rollups_indexed": 89866,
"trigger_count": 2,
"index_time_in_ms": 11240,
"index_total": 90,
"index_failures": 0,
"search_time_in_ms": 12665,
"search_total": 92,
"search_failures": 0,
"processing_time_in_ms": 1195,
"processing_total": 92
}
}
Appreciate any help. Thanks