Indexes¶
By extracting key features such as log fields and metric tags, indexes can associate feature values with raw data, enabling efficient retrieval and avoiding inefficient full scans.
After creating and managing multiple indexes, the system automatically archives log data into corresponding indexes based on preset filter conditions. At the same time, you can customize data storage policies for each index, effectively controlling and reducing storage costs while balancing data management flexibility and economic benefits.
Create¶
Guance supports creating or binding three types of indexes:
Index Type |
Definition | Core Features and Data Flow | Control Ownership |
|---|---|---|---|
| Log Index | The basic log storage unit in Guance. After log data is reported, the system automatically sorts and stores it into matching indexes based on preset rules (e.g., matching conditions, filters) | Rule-based automatic sorting Collector → Guance unified reception → sorting by rules → writing to target index |
Guance platform console (controlled by configuring index rules) |
| Direct Write Index | A write method where the collector directly specifies the target index name. Data bypasses the default sorting rules on the platform side and is written directly to the specified index | Direct write to specified target Collector (specifies index name) → direct write to target index |
Collector configuration (specified in DataKit or other collector configurations) |
| External Index | A cross-data source query integration feature provided by Guance. By binding authorization, an external data source (e.g., self-built ES) is mapped to a logically queryable index within the workspace | External data source binding and unified query Data is stored externally, Guance establishes query channels for retrieval |
External data source system (data ownership and storage management are external) |
When data is collected into Guance, the system will split and distribute it to indexes or forward it to other third-party systems based on rules, thereby improving data processing efficiency and meeting the needs of multi-path data distribution.
Manage¶
You can manage the index list through the following operations.
-
Disable index: Subsequent logs will no longer enter this index and will continue to match and flow into other indexes for storage. If no other index is matched, they will be saved in the default
defaultindex; -
Enable index: Subsequent logs will re-enter this index for storage.
Edit a created log index.
Changing the storage policy will delete the data in the index. Proceed with caution.
Click to view all operation logs for this index.
Click the icon to delete a created index.
-
After deletion, the log data in this index will also be deleted. If no other index is matched, subsequently reported log data will be saved in the default index
default; -
If the deleted index has been authorized for querying by other workspaces, the other workspace will no longer be able to query this index after deletion;
-
After deleting a log index, you can create an index with the same name as needed.
Click the icon to drag created log indexes up or down.
Logs flow into the first matched index. Changing the index order may alter the log flow.