Time Series Index

Using ELK 7.3 on Ubuntu 18.04
I am gathering memory and cpu data every 5 min from several devices under test, looking for memory leaks in the firmware. This is written to disk as a csv file.
Since my visualizers are all using the TSVB visualizer, I read a little about the Time Series index.
The index I had been using was just 'memleak' and it appeared to be working just fine.
But, this is a time series, so I changed the index to 'memleak-%{+YYYY.MM.dd}' per an example I found online.
So, my question is, what is the benefit from using a time series index over just a static text index?

It makes deleting old data simpler.

because if I delete the csv files with a particular @timestamp, then the associated index will be removed also?

No. Suppose you are ingesting logs from a server and you only want to keep 60 days worth of logs. If you have daily indexes then you can just delete the oldest index each day. If you have a single index you would have to use a query to delete old data, which is far more expensive that just dropping one index.

1 Like

So, I need to read more about Index lifecycle policies?

That should help.

Thank you!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.