UNCLASSIFIED - NO CUI

Document Available Configuration to Reduce Elasticsearch Index Sizing for Large Clusters

We have confirmed with PartyBus that if the Elasticsearch indices are too large (by default Fluent Bit creates one logstash-YYYY.MM.DD index per day), the number of indices generated can be increased (or decreased) by changing the date format used in the index name. The format follows the strftime(3) conversion specifications: https://man7.org/linux/man-pages/man3/strftime.3.html

The setting is Logstash_DateFormat in the Elasticsearch [OUTPUT] section (inside the outputs configuration values section). It only takes effect when Logstash_Format is On; the default is %Y.%m.%d, and the resulting index is named <Logstash_Prefix>-<formatted date>. For example, Logstash_DateFormat %Y.%m.%d-%H generates a new index for each hour of the day, while Logstash_DateFormat %Y.%m.%d-%P generates two indices per day (am/pm). Elasticsearch index names must be lowercase and cannot contain spaces, so use %H (zero-padded hour) rather than %k (space-padded, which yields names like logstash-2024.01.05- 9 for single-digit hours) and %P (lowercase am/pm) rather than %p (AM/PM). Note that %k and %P are extensions to ISO C strftime (supported by glibc). Also keep in mind that more indices means more shards (hourly indices give 24x the shard count of daily ones), so index templates, shard counts and retention/ILM policies should be reviewed together with this change.

The Fluent Bit Elasticsearch output documentation (Logstash_Format, Logstash_Prefix, Logstash_DateFormat) is here: https://docs.fluentbit.io/manual/pipeline/outputs/elasticsearch
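As an added example (not from the original ticket, PartyBus, or the Fluent Bit project), the following Python script previews the index names a given Logstash_DateFormat produces, counts how many indices it creates per day, and checks the names against Elasticsearch's index-name rules. It assumes the out_es naming rule <Logstash_Prefix>-<strftime(Logstash_DateFormat)> with the record timestamp formatted in UTC, and it expands %k and %P itself so the preview does not depend on whether the host libc supports those extensions. The sample timestamp is constructed.

```python
"""Preview Elasticsearch index names produced by a Fluent Bit Logstash_DateFormat."""
from datetime import datetime, timedelta, timezone

# Characters Elasticsearch rejects in index names (plus the lowercase requirement,
# the forbidden leading characters, the reserved names . and .., and the 255-byte cap).
ES_FORBIDDEN_CHARS = set('\\/*?"<>| ,#:')
ES_FORBIDDEN_PREFIXES = ("-", "_", "+")
ES_MAX_BYTES = 255


def expand_glibc_extensions(fmt: str, when: datetime) -> str:
    """Expand %k (space-padded hour) and %P (lowercase am/pm) ourselves.

    Both are glibc extensions; expanding them before calling strftime keeps the
    preview identical on platforms whose libc does not implement them."""
    out = []
    i = 0
    while i < len(fmt):
        if fmt[i] == "%" and i + 1 < len(fmt):
            spec = fmt[i + 1]
            if spec == "k":
                out.append(f"{when.hour:2d}")
            elif spec == "P":
                out.append("am" if when.hour < 12 else "pm")
            else:
                out.append(fmt[i:i + 2])  # leave standard conversions (and %%) to strftime
            i += 2
        else:
            out.append(fmt[i])
            i += 1
    return "".join(out)


def index_name(prefix: str, date_format: str, when: datetime) -> str:
    """Mirror the assumed out_es rule: <Logstash_Prefix>-<strftime(Logstash_DateFormat)>.

    Assumption: Fluent Bit formats the record timestamp in UTC, so aware datetimes
    are converted and naive ones are treated as already UTC."""
    if when.tzinfo is not None:
        when = when.astimezone(timezone.utc)
    return f"{prefix}-{when.strftime(expand_glibc_extensions(date_format, when))}"


def index_name_problems(name: str) -> list:
    """Return the Elasticsearch index-name rules a name violates (empty list = valid)."""
    problems = []
    if name != name.lower():
        problems.append("must be lowercase")
    bad = sorted(set(name) & ES_FORBIDDEN_CHARS)
    if bad:
        problems.append("contains forbidden character(s): " + "".join(repr(c) for c in bad))
    if name.startswith(ES_FORBIDDEN_PREFIXES):
        problems.append("must not start with -, _ or +")
    if name in (".", ".."):
        problems.append("must not be . or ..")
    if len(name.encode("utf-8")) > ES_MAX_BYTES:
        problems.append("longer than 255 bytes")
    return problems


def indices_per_day(prefix: str, date_format: str, day: datetime) -> int:
    """Count distinct index names produced across one UTC day, sampled every minute."""
    start = day.replace(hour=0, minute=0, second=0, microsecond=0)
    names = {index_name(prefix, date_format, start + timedelta(minutes=m))
             for m in range(24 * 60)}
    return len(names)


if __name__ == "__main__":
    sample = datetime(2024, 1, 5, 9, 30, tzinfo=timezone.utc)  # constructed sample timestamp
    for fmt in ("%Y.%m.%d", "%Y.%m.%d-%H", "%Y.%m.%d-%k", "%Y.%m.%d-%P", "%Y.%m.%d-%p"):
        name = index_name("logstash", fmt, sample)
        problems = index_name_problems(name)
        verdict = ", ".join(problems) if problems else "ok"
        print(f"{fmt:14} -> {name!r:28} {indices_per_day('logstash', fmt, sample):>3}/day  {verdict}")
```

Running the script side by side for %H and %k shows why the hour must be zero-padded: the %k variant yields a name containing a space for hours 0 through 9, which Elasticsearch rejects, while %P and the daily default pass the checks.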

AC:

  • Add the above information to a new or existing document in this repo's docs/ folder