Thanks !! another beatifully explained Al Sir videos .

Thanks Ali for this great elasticsearch tutorial, I would love to see you making video about datastreams and index template.

Great video i love these ELK series, i would love to see you cover compression with Elasticsearch lots of logs that needs to be stored for a long time i'm exploring the index.codec parameter and was wondering if it's possible to apply different compression algorithms depending on the ILM phase the index is in (less compression but fast access in the hot phase, and the better compression in the warm and cold phases).

Hi Ali, Do you think ElasticSearch can be used for documents archiving and records management. I work for engineering company where project can produce 10s of thousands of documents . All those need to be archived provided retention schedule before records\files are destroyed (deleted from they system with log documenting the destruction event).

Thanks for the guide, btw just to add to this, if you wants your index to automatically use the pipeline by default change the index.default_pipeline setting

Hi Ali, Could I use the Enrich function to do Data Cleaning? For example, I already know my incoming logs may have rows of false positive entries that do not reflect accurate state of system. Hence I want to have a Policy to delete such rows based on correlation with rows above/below such that only clean, accurate data is ingested into Elasticsearch.

Please say about send suricata logs as a nids to ELK . THANKS

ERROR: Failed to determine the health of the cluster.???????????????????