Using ELK 7.3 on Ubuntu 18.04
I am gathering memory and CPU data every 5 min from several devices under test, looking for memory leaks in the firmware. This is written to disk as a CSV file.
Since my visualizers are all using the TSVB visualizer, I read a little about the Time Series index.
The index I had been using was just 'memleak' and it appeared to be working just fine.
But, this is a time series, so I changed the index to 'memleak-%{+YYYY.MM.dd}' per an example I found online.
So, my question is, what is the benefit from using a time series index over just a static text index?
It makes deleting old data simpler.
Because if I delete the CSV files with a particular @timestamp, then the associated index will be removed also?
No. Suppose you are ingesting logs from a server and you only want to keep 60 days' worth of logs. If you have daily indexes then you can just delete the oldest index each day. If you have a single index you would have to use a query to delete old data, which is far more expensive than just dropping one index.
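The retention step described in the reply above, as an added example that is not part of the original thread: it picks the daily indices that have aged out and, for contrast, builds the range query a single static index would need. The function names and the sample index list are assumptions made for illustration.

```python
from datetime import date, datetime, timedelta

# Python equivalent of the Logstash date pattern %{+YYYY.MM.dd}
SUFFIX_FORMAT = "%Y.%m.%d"


def index_day(name, prefix):
    """Return the date encoded in a daily index name, or None if it does not match."""
    if not name.startswith(prefix + "-"):
        return None
    try:
        return datetime.strptime(name[len(prefix) + 1:], SUFFIX_FORMAT).date()
    except ValueError:
        return None


def expired_indices(names, prefix, keep_days, today):
    """Daily indices older than the retention window, oldest first.

    Each one can be dropped whole with a single DELETE /<index> request.
    """
    cutoff = today - timedelta(days=keep_days)
    dated = [(index_day(n, prefix), n) for n in names]
    return [n for day, n in sorted((d, n) for d, n in dated if d is not None)
            if day < cutoff]


def delete_by_query_body(keep_days):
    """Body for POST /<index>/_delete_by_query, needed when all data sits in one index."""
    return {"query": {"range": {"@timestamp": {"lt": f"now-{keep_days}d/d"}}}}


# Constructed sample index list (not taken from the thread)
SAMPLE = [
    "memleak-2019.07.01",
    "memleak-2019.08.30",
    "memleak-2019.09.01",
    "memleak",            # the old static index: no date suffix, never selected
    "memleak-backup",     # non-date suffix is skipped
    "other-2019.01.01",   # different prefix is skipped
]

if __name__ == "__main__":
    for name in expired_indices(SAMPLE, "memleak", 60, date(2019, 9, 15)):
        print("DELETE /" + name)
    print("POST /memleak/_delete_by_query", delete_by_query_body(60))
```
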
So, I need to read more about Index lifecycle policies?
That should help.
Thank you!