So I understand that the minimum timespan on a hot bucket is 1 hour, but bucket sizing defaults to a file size instead of a timespan. It is also warned that setting bucket sizes too small will yield "too many buckets". It seems that the implicit guidance is for larger bucket sizes and fewer of them. However, this seems counter intuitive as having lots of small buckets would seem to imply less searching would be required.
Am I missing something? What is the disadvantage of having lots of small buckets and rotating them frequently besides file count? Do you lose compression, do the tsidx files go crazy and eat all the disk, what actually happens? Has anyone gone against the grain and implemented small bucketing with fast rotation?
↧