Our reporting needs are starting to grow, so I am planning on creating new summaries and would like to use best practices to manage these summaries while trying to plan ahead as best as possible. I came across another post (here) about using multiple indexes for managing summaries. Based on the answer, I plan to use the same structure and create 3 separate indexes (summary_5m, summary_1h, summary_1d).
Is this a good practice? Are there any other methods that may be better?
There is a scenario where creating a particular summary at 5-minute intervals would actually result in a higher volume of data based on the nature of the log (expanding values from a multivalued field). However, if this data was kept in its own index then it could be deleted after 30 or 60 days.
Thoughts?