Set active index


(Rhys Campbell) #1

Hi All,

I have set up an EFK system just for testing at the moment.

It's running in a VM with not much RAM and I am having problems with the
elasticsearch process because of this. The VIRT = 12GB which is
approximately the total size of the indexes.

My indexes are split by date like so...

logstash-2014.06.01
logstash-2014.06.02...

and so on. I'm guessing elasticsearch is trying to hold all of this in RAM.
Is there a way I can set up elasticsearch to only search a specific index
(or number of indices)? Is it just a case of archiving the logs I don't
want ES to deal with? Ideally I'd like to work with only the last day or
two of indexes which will hopefully all fit into RAM.

Cheers,

Rhys

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/4b2533dd-752b-442f-9ba3-a71de0cac6ff%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(Ivan Brusic) #2

You can set up an alias for the indexes you want to query and use only the
alias for queries, not the direct index names:

http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/indices-aliases.html

For archiving, look into the curator script, which helps close/delete old
indexes:

Sematext/Otis did tweet about something related that could be interesting,
but did not elaborate further:

Cheers,

Ivan
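
Added example, not part of the thread: one way to keep an alias pointed at only the last two daily `logstash-YYYY.MM.DD` indices is to compute the add/remove actions for the `_aliases` endpoint described at the link above. The alias name `logstash-recent`, the function name and the sample index lists are assumptions made up for illustration.

```python
import json
import re
from datetime import date, timedelta

# Daily index naming taken from the thread: logstash-YYYY.MM.DD
INDEX_RE = re.compile(r"^logstash-(\d{4})\.(\d{2})\.(\d{2})$")


def alias_actions(indices, current_members, today, days=2, alias="logstash-recent"):
    """Build the JSON body for POST /_aliases so that `alias` (hypothetical
    name) covers only the daily indices from the last `days` days."""
    wanted_dates = {today - timedelta(days=i) for i in range(days)}
    wanted = set()
    for name in indices:
        m = INDEX_RE.match(name)
        if not m:
            continue  # not a daily logstash index (e.g. a dashboard index)
        try:
            day = date(*map(int, m.groups()))
        except ValueError:
            continue  # name has the right shape but is not a real date
        if day in wanted_dates:
            wanted.add(name)
    current = set(current_members)
    # Removes and adds go in one request, so the alias is switched atomically.
    actions = [{"remove": {"index": n, "alias": alias}} for n in sorted(current - wanted)]
    actions += [{"add": {"index": n, "alias": alias}} for n in sorted(wanted - current)]
    return {"actions": actions}


if __name__ == "__main__":
    # Constructed sample data: indices on the node and the alias's current members.
    existing = ["logstash-2014.08.03", "logstash-2014.08.04",
                "logstash-2014.08.05", "logstash-2014.13.40", "kibana-int"]
    members = ["logstash-2014.08.03", "logstash-2014.08.04"]
    print(json.dumps(alias_actions(existing, members, date(2014, 8, 5)), indent=2))
```

Queries then name the alias instead of individual indices; the alias only narrows what is searched, so closing or deleting the older indices is still a separate step.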


