Hello,
I have an question about the index naming policy for log monitoring.
As a purpose of saving log, what is the recommended index naming policy? Are there any good ES skills to handle a number of indices?
Simply, I plan to create daily index based on each log file name like below format ('server' is prefix), but realize it will produce too many indices.
[Index Name Example] server-fileName-yyyyMMdd
If 5 log files from 1 server are monitored, 5 indices will be created every day....
I also consider creating index based on server name (server-serverName-yyyyMMdd).
However, the size of each index could be huge if all server logs will be saved in same index. It will affect the search time as well.
Please share ideas how to manage the index efficiently.
