Alias not picking up new index logs

fionamacd · February 19, 2019, 4:37pm

I am not sure if this is a Kibana or Logstash question really...

I have weekly indexes created from logstash:
filebeat-prod1.week#
filebeat-prod2.week#

I want to have an a subset of logs for only prod2 available so I thought creating an alias would be the way to go:
POST /_aliases
{
"actions" : [ { "add" : { "index" : "filebeat-prod2-*", "alias" : "prod2",
"filter" : { "term" : { "tags" : "integration" } } } }
]
}
This worked, but the next week, when a new index was created, the alias doesn't contain any of this information. To get it working again I had to delete and add back the alias again.

Reading a bit I saw something about an alias being a point-in-time construct!

So how can a create a filtered alias of just all of prod2 logs?
Maybe i should be creating a different index in logstash?

Seems like a common thing to want to do so maybe I am missing something obvious!!!
Thanks,
Fiona

Christian_Dahlqvist · February 19, 2019, 4:40pm

If you have an index template, you can specify the alias there so any new index is automatically linked to it.

fionamacd · February 19, 2019, 7:39pm

Ah good point - I forgot I created those a while back. Thanks for the suggestion - I will see how adding the alias there helps out.
Fiona

system · March 19, 2019, 7:39pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Combine indices into new index Beats	5	1259	September 15, 2016
Noob index management - naming / cleanup Logstash	8	873	October 10, 2018
A clarification about index aliases is needed here Elasticsearch	9	1195	July 5, 2017
No index pattern for logstash Kibana	2	272	August 2, 2022
Index aliases is missing Elasticsearch ilm-index-lifecycle-management	1	363	May 13, 2022

Alias not picking up new index logs

Related topics