Currently, we have deployed elasticsearch in our kubernetes cluster where we have daily indices configured. Currently for multiple tenants we store logs in same index based on routing key. We have daily curator job which runs to create snapshot of the previous index. We were planning to have different snapshot created for each tenant. Is it possible to split index into multiple snapshots based on any query.
The retention policies for each tenant is different so were planning to separate out snapshots based on tenants. Any ideas how we can achieve this?
No. Snapshots are of entire indices only. If you need things split up like that, you will have to divide your indices accordingly.
One way to do this in multiple stages might be to use the Reindex API to reindex the contents of a query into a new index—even a temporary one—and then snapshot the resulting index.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.