Re: Set active index

[Ivan Brusic]

You can set up an alias for the indexes you want to query and use only the
alias for queries, not the direct index names:

http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/indices-aliases.html

For archiving, look into the curator script, which helps close/delete old
indexes:

https://github.com/elasticsearch/curator

Sematext/Otis did tweet about something related that could be interesting,
but did not elaborate further:
https://twitter.com/sematext/status/496322872672260097

Cheers,

Ivan




On Tue, Aug 5, 2014 at 8:04 AM, Rhys Campbell  wrote:

> Hi All,
>
> I have setup a EFK system just for testing at the moment.
>
> It's running in a VM with not much RAM and I am having problem with the
> elasticsearch process because of this. The VIRT = 12GB which is
> approximately the total size of the indexes.
>
> My indexes are split by date like so...
>
> logstash-2014.06.01
> logstash-2014.06.02...
>
> and so on. I'm guessing elasticsearch is trying to hold all of this in
> RAM. Is there a way I can setup elasticsearch to only search a specific
> index (or number of indices)? Is it just a case of archiving the logs I
> don't want ES to deal with? Ideally I'd like to work with only the last day
> or two of indexes which will hopefully all fit into RAM.
>
> Cheers,
>
> Rhys
>
> --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/4b2533dd-752b-442f-9ba3-a71de0cac6ff%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CALY%3DcQCeB90u78%3D_8kr2PGJ7u6SvVhN6G4Tcoek%2B6h_8uGijtQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Set active index

[Rhys Campbell]

Hi All,

I have setup a EFK system just for testing at the moment. 

It's running in a VM with not much RAM and I am having problem with the 
elasticsearch process because of this. The VIRT = 12GB which is 
approximately the total size of the indexes.

My indexes are split by date like so...

logstash-2014.06.01
logstash-2014.06.02...

and so on. I'm guessing elasticsearch is trying to hold all of this in RAM. 
Is there a way I can setup elasticsearch to only search a specific index 
(or number of indices)? Is it just a case of archiving the logs I don't 
want ES to deal with? Ideally I'd like to work with only the last day or 
two of indexes which will hopefully all fit into RAM.

Cheers,

Rhys 

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/4b2533dd-752b-442f-9ba3-a71de0cac6ff%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.