This section provides some best practices for managing your data to help you set up a production environment that matches your workloads, policies, and deployment needs.
Plan your data structure, availability, and formattingedit
- Build a data architecture that best fits your needs. Your Elasticsearch Service deployment comes with default hot tier Elasticsearch nodes that store your most frequently accessed data. Based on your own access and retention policies, you can add warm, cold, frozen data tiers, and automated deletion of old data.
- Make your data highly available for production environments or otherwise critical data stores, and take regular backup snapshots.
- Normalize event data to better analyze, visualize, and correlate your events by adopting the Elastic Common Schema (ECS). Elastic integrations use ECS out-of-the-box. If you are writing your own integrations, ECS is recommended.
Add your dataedit
- Migrate and upload existing data into your deployment.
Add inbound integrations for new data sources. You can either use Elastic provided integrations, or create your own:
Optimize data storage and retentionedit
Once you have your data tiers deployed and you have data flowing, you can manage the index lifecycle.
Elastic integrations provide default index lifecycle policies, and you can build your own policies for your custom integrations.