Answer the question
In order to leave comments, you need to log in
S
S
SergioMaroni2020-12-23 20:13:42
SergioMaroni, 2020-12-23 20:13:42
Elk how to set up index rotation by size?
Good afternoon.
There is elk.
The server only has 100GB of free space.
Applied Services look for logs in logstash, which sends it to elastic. Unfortunately, the volume of logs is not uniform, there are days of 1 GB of logs, but there are also 30 GB of logs per day.
How to configure elastic so that it only stores 80GB of logs.
I myself was able to set up only rotation by day, which does not suit me, since the volume of logs is not uniform.
2 answer(s)
@vitaly_il1
@SergioMaroni
V
Vitaly Karasik, 2020-12-24 @vitaly_il1
As far as I understand, the easiest option is to make an hourly index, and rotate by size.
Here is an example with Index Lifecycle Management https://blog.nviso.eu/2019/06/17/optimizing-elasti... .
S
SergioMaroni, 2020-12-24 @SergioMaroni
Thanks for the answer
, but as I understand it, deletion still occurs only by "date". That is, we perform rotation by size or date (Hot stage), and in the "Delete" stage we delete from the creation date. Thus, you can not limit the amount of stored indexes (no more than 80GB).
Similar questions
O
D
B
M
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question