Unique index for each user

JavaDeveloper · May 9, 2020, 7:23am

Hi everyone.
I'm sending my application's logs to logstash as json and I want to save them in elasticsearch by different indices.
In fact, I want to save logs of each user in a unique index that is equal to user key in the incoming json document. Because I want to provide different services to different users.
For example:

document storage time and also services for users can vary.
log content of each user may increase and I intend to increase the query speed by separating the indices.

Therefore:
Q1: Is it a good idea to separate each user's index?
Q2: How can I do it in logstash output config file?

Christian_Dahlqvist · May 9, 2020, 7:37am

Having lots of small indices and shards is very inefficient and does not d ale well. Separating indices per user can work for relatively small number of users though. If you however have lots of small users it is generally better to have them share indices and filter the queries.

How many users do you expect to need to support?

JavaDeveloper · May 9, 2020, 8:05am

About 100,000 users. So do you recommend have same index for all users?

Christian_Dahlqvist · May 9, 2020, 8:07am

With that amount of users you need to at least group them and could possibly benefit from using routing.

JavaDeveloper · May 9, 2020, 8:12am

@Christian_Dahlqvist
Thank you.

Topic		Replies	Views
Multiple indices vs. routing Elasticsearch	5	838	July 6, 2017
Logging indices for separate websites Elasticsearch	3	373	October 28, 2020
Help me understand the use case for indices Kibana	6	1215	April 6, 2017
How correct create indexes in Elasticsearch Elasticsearch	15	2066	April 7, 2017
Multi-million indices cluster Elasticsearch	6	96	August 20, 2024

Unique index for each user

Related topics