The other day I've been trying to improve the downtime when updating an index in elasticsearch (ES) and I've decided the best approach would be to create a new index and do a symlink to the active one, keeping the valid index. so, my structure would be:

    4 drwxrwxrwx 4 nagios ssh 4096 Nov  8 11:21 .
    4 drwxrwxrwx 4 nagios ssh 4096 Nov  9 10:17 ..
    4 drwxr-xr-x 8 nagios ssh 4096 Oct 20 14:03 myindex_default
    0 lrwxrwxrwx 1 nagios ssh    1 Nov  9 11:30 myindex -> myindex_000
    4 lrwxrwxrwx 8 nagios ssh 4096 Nov  6 10:55 myindex_000
    4 lrwxrwxrwx 8 nagios ssh 4096 Nov  8 10:55 myindex_001

Note: this is likely not a best practice :)

This would allow me to build an index with other means, and only do a stop/change link/restart cycle which would be much quicker :) This is simplified, of course, but you get the idea.

Unfortunately, we found out that ES gets confused and times out (red status). OUCH! After removing the symlink, ES was back to its old self.

Lesson learned: Creating symlinks to indices in the indices directory is bad for you! If you have one, remove it immediately :)

HTH,