Unique index for each user

JavaDeveloper · May 9, 2020, 7:23am

Hi everyone.
I'm sending my application's logs to logstash as json and I want to save them in elasticsearch by different indices.
In fact, I want to save logs of each user in a unique index that is equal to user key in the incoming json document. Because I want to provide different services to different users.
For example:

document storage time and also services for users can vary.
log content of each user may increase and I intend to increase the query speed by separating the indices.

Therefore:
Q1: Is it a good idea to separate each user's index?
Q2: How can I do it in logstash output config file?

Christian_Dahlqvist · May 9, 2020, 7:37am

Having lots of small indices and shards is very inefficient and does not d ale well. Separating indices per user can work for relatively small number of users though. If you however have lots of small users it is generally better to have them share indices and filter the queries.

How many users do you expect to need to support?

JavaDeveloper · May 9, 2020, 8:05am

About 100,000 users. So do you recommend have same index for all users?

Christian_Dahlqvist · May 9, 2020, 8:07am

With that amount of users you need to at least group them and could possibly benefit from using routing.

JavaDeveloper · May 9, 2020, 8:12am

@Christian_Dahlqvist
Thank you.

system · June 6, 2020, 8:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.