I am using Logstash to push the data to Elasticsearch and my output plugin is like this:
    elasticsearch
    {
        hosts => ["x.x.x.x:9200","x.x.x.x:9200","x.x.x.x:9200"]
        index => "union_thread-%{+YYYY.MM}"
        user => "xxxxxxx"
        password => "xxxxxxx"
        ssl => true
        cacert => "/etc/logstash/CA.pem"
        template_name => "template_1"
    }
It's working without the template_name. I just figured out that templates can be used to configure the number of shards when the index itself is created, and that lifecycle policies can also be added.
Aside from all that, I see in the documentation for creating templates
https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-templates.html
the below content:
    PUT _template/template_1
    {
        "index_patterns" : ["te*"],
        "settings" : {
            "number_of_shards" : 1
        },
        "aliases" : {
            "alias1" : {},
            "alias2" : {
                "filter" : {
                    "term" : {"user" : "kimchy" }
                },
                "routing" : "kimchy"
            },
            "{index}-alias" : {}
        }
    }
I am not sure I understand the aliases section.
In the line "alias1" : {}, I know alias1 is the alias that's getting created, with the index added to alias1 once the index is created.
Can somebody help me understand what the {} is for, or point me to any documentation?
I went through the Index aliases documentation, but couldn't correlate anything I found there.
Also, what is the best practice for managing templates and rolling over indices?
Right now, what I am doing is:
I have my template and lifecycle policies created in Dev Tools, and add the policy name in the template.
I give the template name in Logstash.
So, I have multiple Beats inputs, like 10, and the number will keep increasing. How do I manage templates and policies? What is the best practice or best way to do/automate this?
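
Added example, not part of the original post: a Python sketch of how the aliases section of the template quoted above is applied when an index matching index_patterns is created, expressed as the equivalent alias "add" actions. The index names passed in are constructed sample values, and the helper names pattern_matches and alias_actions are hypothetical.

```python
import json
import re

# Template body copied from the post (the documentation sample).
TEMPLATE = {
    "index_patterns": ["te*"],
    "settings": {"number_of_shards": 1},
    "aliases": {
        "alias1": {},
        "alias2": {"filter": {"term": {"user": "kimchy"}}, "routing": "kimchy"},
        "{index}-alias": {},
    },
}


def pattern_matches(pattern, index_name):
    """Simple wildcard match: '*' stands for any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, index_name) is not None


def alias_actions(template, index_name):
    """Return the alias 'add' actions the template implies for a new index."""
    if not any(pattern_matches(p, index_name) for p in template["index_patterns"]):
        return []  # the template does not apply to this index at all
    actions = []
    for alias_name, options in template.get("aliases", {}).items():
        # The {index} placeholder is replaced by the real index name.
        action = {"index": index_name,
                  "alias": alias_name.replace("{index}", index_name)}
        # An empty object contributes nothing: a plain alias with no
        # filter and no custom routing. Non-empty options carry over.
        action.update(options)
        actions.append({"add": action})
    return actions


if __name__ == "__main__":
    # "test-2024.01" is a constructed index name that matches "te*".
    body = {"actions": alias_actions(TEMPLATE, "test-2024.01")}
    print(json.dumps(body, indent=2))
```

For the constructed index test-2024.01 this yields alias1 with no extra options, alias2 with its filter and routing, and test-2024.01-alias. An index named like union_thread-2024.01 gets no aliases from this template because it does not match "te*".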