Where / How ElasticSearch stores logs received from Logstash?
Question
Disclaimer: I am very new to ELK Stack, so this question can be very basic.
I am setting up ELK stack now. I have below basic questions about ElasticSearch .
- What is the storage model elastic search is following?
For example Oracle is using relational model ,Alfresco is using "document model" and Apache Jackrabbit is using "hierarchial model"
2.Log data stored in elastic search is persistent/permanent ? Or ElasticSearch deletes log data after certain period?
3.How we will manage/backup this data?
4.Log/data files in Elastic Search is human-readable ?
Any help/route to documentation will be appreciated.
1 answers
solution1
3 ACCPTED 2016-07-21 13:40:28
- the storage model is a Document model. Everything is a document . The documents are of a particular type and they are stored in an index .
- Data send to ES is stored on disk. It can be then read , searched or deleted through a REST API.
- The Data is managed through the rest API. Usually for log centralisation, the logs are stored in date-based index (one index for today, one for yesterday and so on), so to delete the logs from one day, you delete the relevant index . Curator can help in this case. ES offers a backup and restore module .
- To access the data in ES, you'll have to use the REST API or use the Kibana client .
Documentation:
https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.