Index management

edit

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

This content applies to: Elasticsearch Observability Security

Elastic’s index management features are an easy, convenient way to manage your cluster’s indices, data streams, index templates, and enrich policies. Practicing good index management ensures your data is stored correctly and in the most cost-effective way possible.

Manage indices
edit

Go to Project settings → Management → Index Management:

Index Management UI

The Index Management page contains an overview of your indices.

  • To show details or perform operations, such as delete, click the index name. To perform operations on multiple indices, select their checkboxes and then open the Manage menu.
  • To filter the list of indices, use the search bar.
  • To drill down into the index mappings, settings, and statistics, click an index name. From this view, you can navigate to Discover to further explore the documents in the index.
Manage data streams
edit

Investigate your data streams and address lifecycle management needs in the Data Streams view.

The value in the Indices column indicates the number of backing indices. Click this number to drill down into details.

A value in the data retention column indicates that the data stream is managed by a data stream lifecycle policy.

This value is the time period for which your data is guaranteed to be stored. Data older than this period can be deleted by Elasticsearch at a later time.

Data stream details

To view information about the stream’s backing indices, click the number in the Indices column.

  • To view more information about a data stream, such as its generation or its current index lifecycle policy, click the stream’s name. From this view, you can navigate to Discover to further explore data within the data stream.
  • [preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. To edit the data retention value, open the Manage menu, and then click Edit data retention.
Manage index templates
edit

Create, edit, clone, and delete your index templates in the Index Templates view. Changes made to an index template do not affect existing indices.

Index templates

If you don’t have any templates, you can create one using the Create template wizard.

Manage enrich policies
edit

Use the Enrich Policies view to add data from your existing indices to incoming documents during ingest. An enrich policy contains:

  • The policy type that determines how the policy matches the enrich data to incoming documents
  • The source indices that store enrich data as documents
  • The fields from the source indices used to match incoming documents
  • The enrich fields containing enrich data from the source indices that you want to add to incoming documents
  • An optional query.
Enrich policies

When creating an enrich policy, the UI walks you through the configuration setup and selecting the fields. Before you can use the policy with an enrich processor, you must execute the policy.

When executed, an enrich policy uses enrich data from the policy’s source indices to create a streamlined system index called the enrich index. The policy uses this index to match and enrich incoming documents.

Check out these examples: