Hi Team, we are trying to create a new index for kube-system namespace related logs as one index and the rest of the system as another index.
As part of that we have the below spec read and deployed, but we are not seeing any indexes getting created for kube-system.
Can someone please guide us.
This is what we have written to achieve it.
```
output {
  # Route events from the kube-system namespace to their own daily index
  if [kubernetes][namespace] == "kube-system" {
    elasticsearch {
      hosts => ["http://xx-xxxx-xxx.io.thehut.local:9200"]
      index => "test-%{[kubernetes][namespace]}-%{+YYYY.MM.dd}"
    }
  } else {
    # Everything else goes to the default Beats-style index
    elasticsearch {
      hosts => ["http://xx-xx-xx-xx.io.thehut.local:9200"]
      index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    }
  }
}
```