Elastic Cloud Enterprise automatically curates the logging and metrics indices it collects. By default, metrics indices are kept for one day and logging indices are kept for seven days. This retention period can be adjusted.
You might need to adjust the retention period for one of the following reasons:
- If your business requires you to retain logs and metrics for longer than the default period.
- If the volume of logs and metrics collected is high enough to require reducing the amount of storage space consumed.
To run the
elastic-cloud-enterprise.sh set-logging-and-metrics-policy script that lets you set the retention period, a user must be part of the
docker group. The host that you run this script on must be the first host that you installed Elastic Cloud Enterprise on or a host that holds the director role.
Extending the retention period can consume considerable amounts of disk space. If you extend the period, you must monitor the
logging-and-metrics cluster to ensure that it does not run out of storage.
To change the retention period for the
cluster-logs-* index pattern to 14 days from the command line:
bash elastic-cloud-enterprise.sh set-logging-and-metrics-policy --pattern cluster-logs-* --days 14
Additional options for working with these retention periods are available. To learn more, see
Intro to Kibana
ELK for Logs & Metrics