What you’re describing in 2 is a Lambda Architecture. Your Elasticsearch
cluster doesn’t need to have more data in it than up to the last time a
batch mode loaded into Redshift.
Check out these links:
- How to setup a Lambda Architecture for Snowplow
  http://discourse.snowplow.io/t/how-to-setup-a-lambda-architecture-for-snowplow/249
- Lambda Architecture
  http://lambda-architecture.net/