Hello, I am wondering what the best practices are for handling big data indexes. For example, if a firewall sends way too many logs to the Elastic Stack, what is the best way to handle this situation?
Is it possible to archive data but be able to read it?