Alias not picking up new index logs

Elastic Stack Kibana
1

I am not sure if this is a Kibana or Logstash question really...

I have weekly indexes created from logstash:
filebeat-prod1.week#
filebeat-prod2.week#

I want to have an a subset of logs for only prod2 available so I thought creating an alias would be the way to go:
POST /_aliases
{
"actions" : [ { "add" : { "index" : "filebeat-prod2-*", "alias" : "prod2",
"filter" : { "term" : { "tags" : "integration" } } } }
]
}
This worked, but the next week, when a new index was created, the alias doesn't contain any of this information. To get it working again I had to delete and add back the alias again.

Reading a bit I saw something about an alias being a point-in-time construct!

So how can a create a filtered alias of just all of prod2 logs?
Maybe i should be creating a different index in logstash?

Seems like a common thing to want to do so maybe I am missing something obvious!!!
Thanks,
Fiona

2

If you have an index template, you can specify the alias there so any new index is automatically linked to it.

3

Ah good point - I forgot I created those a while back. Thanks for the suggestion - I will see how adding the alias there helps out.
Fiona

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.