Create index for kube-system and rest of the namespaces another index

Murali_Thumalapalli · November 24, 2021, 12:13pm

Hi Team, we are trying to create a new index for Kube-system namespace related logs as one index and rest of the system as another index.
as part of that we have below spec read and deployed but we are not seeing any indexes getting created for kubesystem.
Can someone please guide us.

This is what we have written to achieve it.

output {
if [kubernetes][namespace] == "kube-system" {
Elasticsearch {
hosts => ["http://xx-xxxx-xxx.io.thehut.local:9200"]
index => "test-%{[kubernetes][namespace]}-%{+YYYY.MM.dd}"
}
} else {
Elasticsearch {
hosts => ["http://xx-xx-xx-xx.io.thehut.local:9200""]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}
}

system · December 22, 2021, 12:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Part of the indices are created with this name "%{[kubernetes][namespace]}" Logstash	4	1300	April 15, 2021
How to create indices based on kubernetes metadata Beats filebeat	4	3974	March 19, 2018
Logstash output: If field exists, use other index Logstash	3	11129	August 24, 2018
Syslog index Elasticsearch	2	1813	July 5, 2017
Unable to create index based on POD names with provided prefix Elasticsearch	1	44	June 28, 2024

Create index for kube-system and rest of the namespaces another index

Related topics