on kibana
create rollover+delete policy
stack mgmt / index lifecycle mgmt
create policy
name: logs-policy
advanced settings
max shard size 1 GiB
max age 5 days
max index size 3 GiB
index priority: 100 for hot or disable if this is a poc
TODO also delete as done in the [osearch guide](osearch-mgmt)
an index template
stack mgmt / index mgmt / index templates
create template
name: logs-template
patterns: logs-*
data stream: ✓ (enabled)
index settings
e.g. for 3 nodes
{
  "index": {
    "lifecycle": {
      "name": "logs-policy"
    },
    "number_of_shards": "3",
    "number_of_replicas": "0"
  }
}
index mapping - see elastic-mgmt-mapping
and search pattern – note matching indices need to exist already! (only with elastic)
stack mgmt / index mgmt / search patterns
create index pattern
name: logs-*
timestamp: @timestamp
https://www.elastic.co/guide/en/elasticsearch/reference/7.17/ilm-set-priority.html
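
The same policy and template as Elasticsearch API request bodies, with a check of which rollover condition fires first. This is an added example, not part of the original notes. Assumptions: the `ES_URL` and `ES_API_KEY` environment variables, the helper names, and the optional `delete_after` age (the notes leave the delete phase as a TODO).

```python
import json
import os
import urllib.request

POLICY, TEMPLATE = "logs-policy", "logs-template"  # names from the notes above

def ilm_policy(delete_after=None):
    """Body for PUT _ilm/policy/logs-policy (ES byte units are binary: 1gb = 1 GiB)."""
    phases = {"hot": {"actions": {
        "rollover": {"max_primary_shard_size": "1gb", "max_age": "5d", "max_size": "3gb"},
        "set_priority": {"priority": 100},  # drop this action for a PoC
    }}}
    if delete_after:  # assumption: the notes do not give a delete age
        phases["delete"] = {"min_age": delete_after, "actions": {"delete": {}}}
    return {"policy": {"phases": phases}}

def index_template(nodes=3):
    """Body for PUT _index_template/logs-template, one primary shard per node."""
    settings = {"index": {"lifecycle": {"name": POLICY},
                          "number_of_shards": str(nodes), "number_of_replicas": "0"}}
    return {"index_patterns": ["logs-*"], "data_stream": {}, "template": {"settings": settings}}

def rollover_reasons(age_days, primary_shard_gib, index_gib):
    """Rollover fires when ANY condition is met; return the ones that are."""
    limits = {"max_age": (age_days, 5), "max_primary_shard_size": (primary_shard_gib, 1),
              "max_size": (index_gib, 3)}  # thresholds from the policy above
    return sorted(name for name, (value, limit) in limits.items() if value >= limit)

def apply(base_url, api_key):
    """PUT both bodies; returns the HTTP status codes."""
    headers = {"Content-Type": "application/json", "Authorization": f"ApiKey {api_key}"}
    codes = []
    for path, body in ((f"/_ilm/policy/{POLICY}", ilm_policy()),
                       (f"/_index_template/{TEMPLATE}", index_template())):
        req = urllib.request.Request(base_url + path, data=json.dumps(body).encode(),
                                     headers=headers, method="PUT")
        with urllib.request.urlopen(req) as resp:
            codes.append(resp.status)
    return codes

if __name__ == "__main__":
    if os.environ.get("ES_URL"):  # assumed env vars: ES_URL, ES_API_KEY
        print(apply(os.environ["ES_URL"], os.environ["ES_API_KEY"]))
    else:  # dry run: print what would be sent
        print(json.dumps([ilm_policy(), index_template()], indent=2))
```

With 3 primary shards and 0 replicas, the 1 GiB per-shard limit and the 3 GiB index limit are reached at about the same point when shards fill evenly. ILM checks the conditions on its poll interval, so an index can overshoot the thresholds before it rolls over.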