hi,
is it possible to use ES shrink api to reduce the number of shards in the old indices?
https://www.elastic.co/guide/en/elasticsearch/reference/5.5/indices-shrink-index.html
If it is, what should be taken into account? How to name the target index, and are there some special parameters from Graylog that need to be set in the shrinking command?
Sure, you can use Curator or any other tool (or no tool at all) to use the Elasticsearch Shrink Index API.
Graylog itself currently doesn’t support the Shrink Index API.
Great! Will Graylog find the new index automatically? How to name the index - is it possible to name the new index like graylog_400_new or something?
No, it has to fit the naming scheme of an existing index set.
http://docs.graylog.org/en/2.3/pages/configuration/index_model.html#index-set-configuration
Additionally, you have to recalculate index ranges for the respective index set.
http://docs.graylog.org/en/2.3/pages/configuration/index_model.html#keeping-the-index-ranges-in-sync
It has to match the configured index prefix of an existing index set (e. g. graylog_*) and end in a number. So graylog_400 would actually work (given that there will never be another index named graylog_400).
I would recommend creating a specific index set for these shrunken indices which isn’t used for anything else, so that there won’t be any name collisions.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
