Optimizing Elasticsearch – Part 2: Index Lifecycle Management

In the previous blog post "Optimize Elasticsearch for log collection - Part 1: reduce the number of shards", we saw one way to recover a cluster suffering from the "too many shards syndrome": merging indices that were too small. In this article, we'll see how we can rely on the latest Elasticsearch feature to …

Optimizing Elasticsearch for security log collection – part 1: reducing the number of shards

Nowadays, log collection for security monitoring is about indexing, searching and data lakes; this is why at NVISO we use Elasticsearch for our threat hunting activities. Collecting, aggregating and searching data at very high speed is challenging in big environments, especially when the flow is bigger than expected. At NVISO, we are constantly seeking …