AFTER changed DATA STREAM INDEX template, index stay 225b,

cLaYYs · August 21, 2023, 7:05pm

Hi All,

We use custom UDP integration(fleet managed integration) to collect Linux auth logs. We set the default pipeline for auth logs which is [logs-system.auth-default].

We did parse the data as we expected. This data stream uses default logs* index template.
I would like to change it with the default index template.[logs-system.auth]

After changing this index template, rollover the index to see what happened.

But right now, there is no log in this index. stayed 255b, there is no document in this index. ı can not see logs in discover.

Actually, ı do not know what ı am gonna do. ı'm stuck.

cLaYYs · August 22, 2023, 4:54am

Any comment on this issue guys ?

system · September 19, 2023, 4:54am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Default ingest pipeline overwritten Elasticsearch	6	265	January 2, 2024
Datastream rollover without dated Elasticsearch ilm-index-lifecycle-management , datastreams	3	329	October 18, 2022
Apply new ILM to managed index template FAILED Elasticsearch ilm-index-lifecycle-management , datastreams	8	483	March 28, 2023
Sometimes index template change after node reboot Elasticsearch	6	389	March 26, 2021
Split a data stream into separate Indexes - to allow different ILM policies Elastic Agent integrations	4	38	August 20, 2024

AFTER changed DATA STREAM INDEX template, index stay 225b,

Related Topics