I read this post, but the timestamp is depreciated. And I am still not fully up to speed on what to do.
I have Logstash passing logs to ES with ES's Dynamic Field Mapping (I believe this is the correct terminology). But I still don't know how to add the date index on creation, even after considerable reading. I have tried to ask in irc, but get a comment here and a comment there and for someone that is new to this topic, there is little help to be found, so I am trying here.
My unsuccessful final attempt was:
curl -XPUT localhost:9200/_template/my_template -d '
{
"template" : "log*",
"mappings": {
"type1": {
"properties": {
"created_at": {
"type": "date",
"format": "yyyyMMdd'T'HHmmss.SSSZ"
}
}
}
}
}'
I deleted the logstash dynamic template, so it would start again, but nothing has changed!
Can some please assist, so I can make some ground? Thanks in advance.