Indices only using 2/3 of configured index size

ErikHolgersson · June 2, 2020, 1:55pm

Hello all,

as the title states, I have the problem that my Graylog indices only use about two thirds of their configured index size before rotation.

Index-Set settings:
grafik

Index-Set in reality:

Our Graylog runs on Kubernetes using the official image with an ElasticSearch-HTTP-Node and 4 ElasticSearch-Datanodes. I did not change any settings inside ElasticSearch apart from the necessary ones to create a cluster and assign roles.

I am aware that ElasticSearch compresses indices and that the active write index will be a bit bigger than a comparable closed index, both of which mean that the index will be below the assigned maximum size after rotation. However, not even using 11GB when the configured index size is 15GB seems oddly inefficient to me.

jan · June 2, 2020, 3:19pm

he @ErikHolgersson

the size is measured by Graylog and the open index reports to be at the configured size Graylog will rotate and run a force_merge on that index. This can compress the indices in that way if the data allows that.

Cause Graylog can’t know how much data can be compressed the data and the elasticsearch version can have this kind of result.

system · June 16, 2020, 3:19pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Confused on why I'm not storing as much as I expected Graylog Central (peer support)	3	464	September 5, 2017
Excessive ElasticSearch Index Size Graylog Central (peer support)	8	6253	March 13, 2018
Index strange rotation and size differences Graylog Central (peer support) elastic	10	1110	September 7, 2022
Unexpected Index size changes during index rotation Graylog Central (peer support)	3	402	September 27, 2018
Indices & Index configuration Graylog Central (peer support)	7	5289	August 22, 2018

Indices only using 2/3 of configured index size

Related Topics