Tuning ELK Performance and controlling Logs

spravn789 · September 20, 2016, 9:53am

Hi All,

I need solution or guidance for below queries, to improve the performance. Kindly help.

We can control logs in kibana, like log only if Error, is there any other way to do the same for logstash?
Similarly Is it possible to deprecate index in run time, Like, i want to clear index data that are older than a week?
Also my Elasticsearch data file is around 50Gb, is there any method to reduce the size other than deleting the index.
There is only one node currently available, how to create more nodes and replicas? Do i need to run another elasticsearch instance in same machine?

jpountz · September 20, 2016, 10:12am

Similarly Is it possible to deprecate index in run time, Like, i want to clear index data that are older than a week?

You might want to look at curator: GitHub - elastic/curator: Curator: Tending your Elasticsearch indices

Also my Elasticsearch data file is around 50Gb, is there any method to reduce the size other than deleting the index.

Running optimize might help a bit, curator can ke used to automate it.

There is only one node currently available, how to create more nodes and replicas? Do i need to run another elasticsearch instance in same machine?

You can have multiple shards on a single node. However having multiple replicas of the same shard is not helpful on a single node since you can lose both at once. You should look into starting up another node on another machine.

spravn789 · September 20, 2016, 10:52am

Hi Adrien,

Thanks a lot will check on that.

Is there any other way like adding in few parameter/function in config. will be really helpful.