Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Metron ElasticSearch too many indexes

Labels:
avatar
author-rank nnat25191
Expert Contributor

Created ‎11-27-2017 03:06 PM

Hi,

I have a cluster of Metron running, by default a new index is roll out each hour per topic. After a month worth of indexes, Kibana dashboard is a bit slow when querying ElasticSearch. Is there a way to configure or combine these indexes so that the query is a bit faster?

I believe Metron is designed to have long term data storage, is a month worth of data too long? Have anyone uses Metron to store data longer than that or experience in tuning for the best use case in term of time or the number of Elastic indexes?

Any guidance is greatly appreciated.

2,757 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank rmerriman
New Member

Created ‎11-28-2017 03:11 PM

You should be able to change the "es.date.format" in the global config to something less granular than each hour. For example, you could change the default of ""yyyy.MM.dd.HH" to ""yyyy.MM.dd" which would cause the indexes to roll every day instead. See this section in the READMEs for more info: https://github.com/apache/metron/tree/master/metron-platform/metron-common#global-configuration.

View solution in original post

2,497 Views
0 Kudos
3 REPLIES 3

avatar
author-rank rmerriman
New Member

Created ‎11-28-2017 03:11 PM

You should be able to change the "es.date.format" in the global config to something less granular than each hour. For example, you could change the default of ""yyyy.MM.dd.HH" to ""yyyy.MM.dd" which would cause the indexes to roll every day instead. See this section in the READMEs for more info: https://github.com/apache/metron/tree/master/metron-platform/metron-common#global-configuration.

2,498 Views
0 Kudos

avatar
author-rank nnat25191
Expert Contributor

Created ‎11-30-2017 08:36 PM

Thank you so much @rmerriman

shame on me I was not aware of this global.json configuration file at all.

2,497 Views
0 Kudos

avatar
author-rank nnat25191
Expert Contributor

Created ‎12-01-2017 09:32 PM

BTW, I realized the file global.json gets overwritten by metron/config on Ambari. There's a section called global.json template

Just in case someone might find it useful.

2,497 Views
0 Kudos
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
View More Announcements