We have a ILM policy that deletes logs older than 240 days.
We also have a monitoring system that watches the mount point where the logs get stored for space.
Every 1-2 months, we get a alert that it gets near its threshold but randomly the next hours/days , it gets away from it but then meets it again. We imagine this is happening because it gets filled up, the ILM policy kicks in clearing logs but then in x timeframe, logs keep coming in and it fills up again.
I would like to be able to explain how the arch works when it comes to ILM and deleting: What process runs in this policy? Is it EXACTLY 240 days or is there a "refresh period" to where it looks at the policy THEN applies it? etc
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.