Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: a767350859
Branches Tags
elasticsearch
/
docs
/
reference
/
rollup
/
index.asciidoc

index.asciidoc 5.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138 
  1. ifdef::permanently-unreleased-branch[]
    2. 

  2. [role="xpack"]
    3. 

  3. [testenv="basic"]
    4. 

  4. [[xpack-rollup]]
    5. 

  5. == Rollups
    6. 

  6. 

  7. A rollup aggregates an index's time series data and stores the results in a new
    8. 

  8. read-only index, called a rollup index. For example, you can roll up hourly
    9. 

  9. metric data into daily or weekly summaries.
    10. 

  10. 

  11. A rollup index only contains aggregated data for the fields you choose. You can
    12. 

  12. search, visualize, and aggregate a rollup index like a regular index. While its
    13. 

  13. data is less granular, a rollup index contains fewer fields and documents,
    14. 

  14. making these operations faster.
    15. 

  15. 

  16. Use rollups to:
    17. 

  17. 

  18. * Reduce storage costs by deleting or archiving your original indices
    19. 

  19. * Speed up searches and visualizations
    20. 

  20. * Compactly store historical metric data
    21. 

  21. 

  22. image::images/rollups/rollups.gif[Use rollups to reduce the size of your data]
    23. 

  23. 

  24. [discrete]
    25. 

  25. [[roll-up-your-data]]
    26. 

  26. === Roll up your data
    27. 

  27. 

  28. You typically perform rollups using the {ilm-init} <<ilm-rollup,`rollup`>>
    29. 

  29. action. You configure the `rollup` action with the aggregations and metrics
    30. 

  30. you want to store in the rollup index.
    31. 

  31. 

  32. The `rollup` action also lets you specify an {ilm-init} policy for the resulting
    33. 

  33. rollup index. If you don't specify this policy, {ilm-init} will not manage the
    34. 

  34. rollup index.
    35. 

  35. 

  36. [TIP]
    37. 

  37. ====
    38. 

  38. In most cases, the {ilm-init} policy for a rollup index should differ from the
    39. 

  39. policy for its source index. To prevent <<size-your-shards,oversharding>>, we
    40. 

  40. also recommend using the {ilm-init} <<ilm-shrink,`shrink`>> action to reduce the
    41. 

  41. rollup index's primary shard count.
    42. 

  42. ====
    43. 

  43. 

  44. You can also manually roll up an index using the <<rollup-api,rollup API>>.
    45. 

  45. 

  46. [discrete]
    47. 

  47. [[search-rollups]]
    48. 

  48. === Rollups and data streams
    49. 

  49. 

  50. Rollups are designed to work with the backing indices of data streams. If you
    51. 

  51. roll up a backing index for a data stream, the resulting rollup index is a
    52. 

  52. backing index for the same stream.
    53. 

  53. 

  54. If you search a data stream containing both a rollup index and its source index,
    55. 

  55. {es} automatically resolves searches without duplicate results.
    56. 

  56. 

  57. If results from the rollup index and the source index would be the same, {es}
    58. 

  58. uses the rollup for faster results. If the results differ, {es} uses the source
    59. 

  59. index's data for better accuracy. If you've replaced the source index with a
    60. 

  60. searchable snapshot, {es} uses the searchable snapshot as the source index.
    61. 

  61. 

  62. This automatic search resolution lets you use rollups as a caching layer for
    63. 

  63. your data stream. You can keep rollup indices in a hot or warm <<data-tiers,data
    64. 

  64. tier>> and archive your original indices in a cold or frozen tier. 
    65. 

  65. 

  66. NOTE: Only data streams support automatic search resolution for rollups. Searches
    67. 

  67. directly targeting a rollup index and its source index may return duplicate
    68. 

  68. results.
    69. 

  69. 

  70. [discrete]
    71. 

  71. [[legacy-rollups]]
    72. 

  72. === Legacy rollups
    73. 

  73. 

  74. // tag::legacy-rollups[]
    75. 

  75. Before {es} 7.x, you could only create rollups using periodic cron jobs. Special
    76. 

  76. APIs were required to manage these jobs and search the resulting rollup indices.
    77. 

  77. These rollup APIs are now deprecated and will be removed in a future release.
    78. 

  78. // end::legacy-rollups[]
    79. 

  79. 

  80. See <<legacy-rollup-apis>>.
    81. 

  81. 

  82. [discrete]
    83. 

  83. [[differences-with-legacy-rollups]]
    84. 

  84. ==== Differences from legacy rollups
    85. 

  85. 

  86. The new rollup functionality differs from legacy rollups as follows:
    87. 

  87. 

  88. * Rollups no longer require a cron job. You can perform rollups using the
    89. 

  89. {ilm-init} <<ilm-rollup,`rollup`>> action or <<rollup-api,rollup API>>.
    90. 

  90. 

  91. * Rollup indices are read-only and only contain aggregated data from one source
    92. 

  92. index. Previously, multiple legacy rollup jobs could index into a single rollup
    93. 

  93. index.
    94. 

  94. 

  95. * You can now search rollup indices like a regular index. Legacy rollup indices
    96. 

  96. required a special rollup search API, which could only search one rollup index
    97. 

  97. at a time.
    98. 

  98. 

  99. * While still approximate, `terms` aggregations for rollups are now more
    100. 

  100. accurate. Previously, `terms` aggregations for legacy rollup jobs could provide
    101. 

  101. inaccurate document counts due to differences between shards for the source
    102. 

  102. index.
    103. 

  103. 

  104. endif::[]
    105. 

  105. ifndef::permanently-unreleased-branch[]
    106. 

  106. 

  107. [role="xpack"]
    108. 

  108. [testenv="basic"]
    109. 

  109. [[xpack-rollup]]
    110. 

  110. == Rolling up historical data
    111. 

  111. 

  112. experimental[]
    113. 

  113. 

  114. Keeping historical data around for analysis is extremely useful but often avoided due to the financial cost of
    115. 

  115. archiving massive amounts of data.  Retention periods are thus driven by financial realities rather than by the
    116. 

  116. usefulness of extensive historical data.
    117. 

  117. 

  118. // tag::rollup-intro[]
    119. 

  119. The {stack} {rollup-features} provide a means to summarize and store historical
    120. 

  120. data so that it can still be used for analysis, but at a fraction of the storage
    121. 

  121. cost of raw data.
    122. 

  122. // end::rollup-intro[]
    123. 

  123. 

  124. * <<rollup-overview,Overview>>
    125. 

  125. * <<rollup-getting-started,Getting started>>
    126. 

  126. * <<rollup-api-quickref, API quick reference>>
    127. 

  127. * <<rollup-understanding-groups,Understanding rollup grouping>>
    128. 

  128. * <<rollup-agg-limitations,Rollup aggregation limitations>>
    129. 

  129. * <<rollup-search-limitations,Rollup search limitations>>
    130. 

  130. 

  131. 

  132. include::overview.asciidoc[]
    133. 

  133. include::api-quickref.asciidoc[]
    134. 

  134. include::rollup-getting-started.asciidoc[]
    135. 

  135. include::understanding-groups.asciidoc[]
    136. 

  136. include::rollup-agg-limitations.asciidoc[]
    137. 

  137. include::rollup-search-limitations.asciidoc[]
    138. 

  138. endif::[]
    139.