Hello,
I ran into this example in the kibana getting started tutorial, but I believe my question applied to the underlying elasticsearch.
Loading the sample data here, I noticed when loading logs.jsonl that three indexes were created:
logstash-2015.05.18
logstash-2015.05.19
logstash-2015.05.20
And in each index, goes the sample log data from the date in the index.
what are the pros and cons in creating indexes divided out by date?
Thank you for your time...
--jason
Retention management - it means when you no longer want data from 2015.05.18 you can delete it easily. If it was all in one big index it becomes a lot harder.
It also means you can do smarter querying by targeting indices that only have the data you want.
Ok, thanks!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.