Create daily index

I would like to create a daily index in elastic 7
Somthing like the one in the example bellow:

[elasticsearch@elk7-lab ~]$ curl -X GET 'http://172.xx.xxx.xx:9200/_cat/indices?v'
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
....
green open .monitoring-es-7-2019.09.18 g6zJRXCGR3qK9bRiYjfTNg 1 0 93679 105938 55mb 55mb
.....

I run the following command:

[elasticsearch@elk7-lab ~]$ curl -X PUT 'http://172.xx.xxx.xx:9200/yoav1_yyyy.mm.dd'
{"acknowledged":true,"shards_acknowledged":true,"index":"yoav1_yyyy.mm.dd"}

And it show that the index create as a string and not with the date format :

[elasticsearch@elk7-lab ~]$ curl -X GET 'http://172.xx.xxx.xx:9200/_cat/indices?v'
yellow open yoav1_yyyy.mm.dd j85qyv91ToGUCbAl1mbCiA 1 1 0 0 230b 230b

Please advise how create a daily index.
P.S : I am not using logstash . I am uploading the data into Elasticsearch using spark

Thanks
Yoav

What Logstash does behind the scenes is to calculate the index name based on the template and the @timestamp field and then put this in a bulk request. You probably need to do something similar in Spark. You could also use rollover as this allows you to index into an alias and have Elasticsearch create time-based indices based on age and/or size in the background.

Hi,

I have followed the rollover documentation but failed to create the index alias

curl -X PUT 'http://172xx.xx.xx:9200/yoav20'
{
"aliases": {
"logs_write": {}
}
}

Its seems like the index created but with no alias.
What wrong with my syntax ...

[elasticsearch@elk7-lab ~]$ curl -X PUT 'http://172.xx.xxx.xx:9200/yoav20'
{"acknowledged":true,"shards_acknowledged":true,"index":"yoav20"}[elasticsearch@elk7-lab ~]$ {

"aliases": {
"logs_write": {}
}
-bash: aliases:: command not found
-bash: logs_write:: command not found
[elasticsearch@elk7-lab ~]$

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.