Can I dynamically specify indices to search?

anon12945697 · December 14, 2016, 6:21pm

Hi there,

I have a question for Watcher. Can I dynamically specify indices to search?

Example:
I have multiple logs, named in the format: "log-yyyy-mm-dd", like "log-2016-12-14".
I have a watch run every 5 mins, searching for exceptions in log indices in last 30 mins.
Currently, my watch search all indices. It is kind of wasting resource. I would like to specify the indices, to use only today and yesterday's indices. It means I need to dynamically specify indices to search.

How can I do that?

Thanks,

Da

skearns · December 14, 2016, 8:48pm

Yes, you can use index date math[1] to specify an index.

[1] https://www.elastic.co/guide/en/elasticsearch/reference/current/date-math-index-names.html

anon12945697 · December 15, 2016, 6:57pm

That's cool! I'll give it a try

system · January 12, 2017, 6:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.