'what is .reporting-* and .monitoring-* index in elasticsearch

I see some indexes (.reporting-* and .monitoring-*) as follows in our elasticsearch cluster,

green open .monitoring-kibana-7-2022.02.22 FPl-nNnAQE-8aawMEVWoaw 3 1    8640      0   4.2mb   2.1mb
green open .reporting-2020.11.15           4rS-SCGGGS-7YKg28FdyFw 1 1      30      1 323.2mb 161.6mb
green open .reporting-2021.05.09           7wnfwIsSe4rQC5hBFC3o2g 1 1      14      0 324.3mb 162.1mb
  1. What are these indexes and how do they get created?
  2. Do I need these indexes? Can I delete them?
  3. How do I stop the creation of such indexes?

Some of the references which I checked are.

(for .monitoring- indexes):*

https://www.elastic.co/guide/en/x-pack/current/xpack-introduction.html

(for .reporting- indexes):*

https://www.elastic.co/guide/en/kibana/current/reporting-settings-kb.html

This is what my kibana.yml looks like:

server.host: ffb-supply-kibana-server
elasticsearch.hosts: ["http://master-2:9200","http://master-3:9200","http://fdata-1:9200","http://data-2:9200","http://data-3:9200"]
kibana.index: ".kibana"
elasticsearch.username: "something"
elasticsearch.password: "something"
xpack.reporting.csv.maxSizeBytes: 52428800
logging.quiet: true```
kibanaelk


Solution 1:[1]

The .monitoring-* indexes contain monitoring data from any component of the stack that is monitored. If you don't enable/setup the monitoring, then those indexes are not created.

The .reporting* indexes contain reports you've setup in Kibana. If you don't use those reporting features, the index doesn't get created.

Do you need them? Odds are that if you're asking what they are, you don't really need them.

Can you delete them? Yes, but if you don't disable monitoring, new .monitoring indexes are going to appear 10 seconds later again. Same for .reporting*, if you or someone else runs a report in Kibana, the index is going to recreated again.

As mentioned earlier, to stop the creation of monitoring indexes, you need to disable monitoring (see first link), but it's not necessarily a good idea to do so, because you'd be blind and not really know how your cluster is doing. However, it's always a good idea to store monitoring data in a different cluster than the production one.

To stop the creation of reporting indexes, you simply need to stop creating reports.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Val

Related Questions

"curl: (52) Empty reply from server" / timeout when querying ElastiscSearch

Efficient way to retrieve all _ids in ElasticSearch

How to disable SSL verification for Elasticsearch RestClient v6.7.0 in Java

How to watch the logstash log?

elastic search, is it possible to update nested objects without updating the entire document?

ElasticSearch Aggregation over Top Hits

Kibana server is not ready yet

Kibana server is not ready yet

Any way(plugin) to parse kibana query syntax to elasticsearch api body?

Elastic search with Google Big Query

Can not run Elastic Search on ubuntu (Error opening log file)

Is it possible to filter records of one index from another index in elasticsearch query?

Can We Retrieve Previous _source Docs with Elastic Search Versions

Sort multi-bucket aggregation by source fields inside inner multi-bucket aggregation

How to get latest document in elastic search