hi,
I am running elasticsearch with one node and currently sahre on the elasticserach 1000/1000 is this what causes elasticserach not to be able to create indexes?
is there an idea for the problem that I experienced
thanks,
hambali
Do you mean shard, not share?
sorry i mean shard elasticserach
How many indices and shards do you have? What version are you on?
1000 indices and i use elasticserach version 7.5.2.
Why do you need so many indices? How large are they?
Easier for me to do backup day, beat {winlogbeat, filebeat, auditbeat} around 200 mb and i make index network evry day, is it efficient to separate indexes every day?
You may want to move to monthly indices, as that is super small and you're wasting resources having so many small shards. You can also look at using ILM to manage this for you.
In the meantime, consider using a reindex job to "merge" these into monthly indices. That'll make a huge difference.
For now what should i do, do i have to reindex all existing indices?
Please adavace
You can change the shard limit - https://www.elastic.co/guide/en/elasticsearch/reference/current/allocation-total-shards.html - to get around this temporarily.
But it'd be strongly recommended to reduce your shard count by using ILM.
1 Like
Thanks solution i will configure indices once every month, and then i will configure ILM.
Hi Warkolm,
i need to know,
-
i've daily indices too, i think its make me save, is right ? . which want better montly backup or daily backup ? if we concern to secure data from the server crash sometime. cause we don't know what happen tommorow.
-
whats different betwen small shards and big shards ? from size and way to manage what is better? and what conditions we must use the small and big shards?
T4
Welcome to our community! 
Please create your own thread for this question.
ups, sorry.
Thanks dude
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.