Does ElastAlert 2 delete old documents or roll over its writeback_index indices somehow? I wasn't able to find any info on the topic. It looks like in the very long run it can clutter all of the Elasticsearch space and paralyze its work.
Replies: 1 comment
AFAIK, there's no rollover of writeback indices. But they are supposed to be quite lightweight. For instance, my writeback indices use ~6 GB for a 14-month retention with ~250 rules.
I suppose you could manually rotate those indices by removing them from Elasticsearch and recreating them using `elastalert-create-index`. Just be aware that you'll lose alerting history (errors, silencing status, last executions, last matches, etc.), as if you were starting on a fresh installation of ElastAlert.