this will explode in number of index. too many if you do it daily.
you have to find out how large each index is per application if they are small then you might want to do it monthly index per application if you want to seperate by application
if you want to do it by server then you have to check that.
basically it is bad idea to have too many small index.
hi creating multiple index should be faster right in performance than creating single index? When i want search for specific data in 1 logs. If single index, in that index will have alot of logs but i jsut want to search for a particular logs. wont it be slow?
yes it does. I thought along the same logic when I was first learning elk. but as you will grow. too many index will slow down everything as cluster have to keep stat of everything. and there is some hard limit of how many shard each server can have. once you reach that limit you will have many other problem.
once I started following rule that most used index will be max 10gig, less use index I use 30gig or more, since then I have very less problem and speed is not an issue so far.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
