0

Sorry if this is a simple question - I'm new to ELK and have it all running with data coming through ok. My issue is that I'm concerned about storage growth given the number of records that will be coming through.

Having a search on the google I've seen that on GrayLog there is a setting to limit the amount of data to retain ( Graylog2- how to config logs retention to 1 week ) and I'd like to do the same in ELK but I can't find the correct setting.

Roman Pokrovskij
  • 9,449
  • 21
  • 87
  • 142
Dan 400007
  • 11
  • 1
  • 1
    Welcome to stackoverflow. Please read : https://stackoverflow.com/help/on-topic, https://stackoverflow.com/help/how-to-ask and https://stackoverflow.com/help/dont-ask. You may need to edit your question based on these guidelines. – Soumya Kanti Jan 11 '19 at 09:51

1 Answers1

0

There is no easy way to do this in GUI (yet). What you need is the Curator that can delete or rollup indices based on time (delete indices older than 7 days) or amount of documents in an index.

In a future Version there will be an inbuilt tool for that in Kibana, but it´s not in the current release (6.5). It will probably release with Elastic 6.6 (as a beta), but you may even have to wait for 7.X

Atlan da Gonazol
  • 71
  • 4