-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Add README and helper util functions for moving data to frozen quickly #197288
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for implementing that!
Probably we should mention that user need to register snapshot repository
https://docs.elastic.dev/security-soution/analyst-experience-team/eng-prod/how-to/configure-local-frozen-tier
Because I had a error before I did that.
Another thing, that I wanted to use it to test our _tier
filters
But locally this request return 0 documents
GET my-data-stream/_search/
{
"query": {
"terms": {
"_tier": [
"data_frozen"
]
}
}
}
Another thing, that when I call
GET my-data-stream/_ilm/explain
It stuck in step
"step": "wait-for-index-color"
Do you have the same output?
Good point, I was testing a cluster on cloud with real frozen nodes so that probably accounts for the differences. I added a few sentences to clarify the expected environment for these instructions and a link to those docs for local testing efforts. |
💚 Build Succeeded
Metrics [docs]
History
|
Summary
For creating test data in frozen tier.