Best practice for index configuration

arnaud · April 29, 2017, 5:11pm

Hello everybody,
I come back with a new question about how to configure indexs into Graylog?
The thing is that I know that I want set the retention by size, cause I have for the moment one elasticsearch node with 200Go usable.
But, I don’t know if it’s better to have few indexs with large size or lot of index with small size. I started with 5Go per index with 40 indexs. But maybe it’s better to have 200 indexs of 1Go?
Could you explain to me the best practice for a better optimisation?

Also, I have the same question about the number of shards, I kept the default value:4. Does it have any impact on the performance even on a single node?

Thanks!

Arnaud

jochen · May 1, 2017, 10:27am

Please refer to the following documents:

arnaud · May 2, 2017, 2:05pm

Thanks Jochen,

I’ll dive into those documentations. I thought there were general classical rules to apply.

macko003 · January 29, 2019, 12:48pm

It is full with useful information about this topic.

Topic		Replies	Views
Iptimizing indexs and shards in Graylog Documentation Campfire	1	2017	August 15, 2022
Retention time strategy Graylog Central (peer support)	5	1268	April 11, 2018
Planing Shards and Indices Organization Graylog Central (peer support)	7	6632	September 29, 2018
Elasticsearch number of shards Graylog Central (peer support)	6	6311	June 13, 2017
Confused on why I'm not storing as much as I expected Graylog Central (peer support)	3	462	September 5, 2017

Best practice for index configuration

Related Topics