Hi, We start having problems with archiving merged Index that is about 630GB of winlogbeat. Also we don't have problem for the indexes that are split by days. Energy Logserver merge indexes into single. Following questions regarding the problem are: Can you provide us information of the location of the logs related to failed archiving. Do we need manually in logstash to configure spliting the indexes by day regardless of their size, and never merge them into single? How should i archive the aggregated index? How should i disable the merging indexes in EnergyLogserver without changing the configuration of the logstash?

Location of the error logs for failed archiving

draganp

Hi,
We start having problems with archiving merged Index that is about 630GB of winlogbeat. Also we don't have problem for the indexes that are split by days. Energy Logserver merge indexes into single.
Following questions regarding the problem are:

Can you provide us information of the location of the logs related to failed archiving.
Do we need manually in logstash to configure spliting the indexes by day regardless of their size, and never merge them into single?
How should i archive the aggregated index?
How should i disable the merging indexes in EnergyLogserver without changing the configuration of the logstash?