My indexes are created from a template as ‘name-year.month.date’. It seems that this isn’t acceptable for index-lifecycle-policies anymore. I get this error “index name [name-2025.12.09] does not match pattern '^.*-\d+$'“.
At one point this process was working. I was able to rollover/delete indexes based on age.
Is there a workaround?
That regular expression pattern does as far as I can see not appear to match the index name so I would recommend fixing the pattern. (You need to account for the dots in the date) If this at some point has worked that must have been a bug that has been fixed.
Is there something I can do to change the regex pattern? I rather like having a date stamp on my indexes.
There are 2 things related to date pattern indices.
The first is when indices roll over, many have their birthdate in the name. This is still done by many of the Elastic provided integrations.
The second type is where the date from the event is used in the index name. That causes a new index to be created daily. That can lead to a lot of smaller indices, which can cause problems. Another problem that can happen is a new beats/agent starts harvesting host logs that go back for years and the config doesn’t block the older events (I don’t remember the parameter). If you have 2 years of data, you can suddenly create 720 new indices. (I’ve done it, not fun)
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.