Graylog as Aggregator and ETL tool

“just forward” - no, it is not possible, but I think there could be a workaround.
You create a new index set with small, size-based indices. If you use this index set, GL will store the messages, but only for a few mins/hours. Maybe if you set ES to not index the index set, not store replicas, etc., it could add some performance for this forward index set.

You can increase the output_batch_size parameter and increase the ES http max size. Change them in parallel; the wrong sizes can cause problems.

If you have time, we are collecting information about big clusters. As I see, you handle a lot of data, so you can tell us something new.
If you would like, we can ask an admin to reopen the topic.
