Creation Index

Charaf_Ahmed · May 23, 2018, 9:01am

Hello, I have a very naive question but I can not find a solution.

By launching logstash with this config file (just after), it creates several indexes in elasticsearch.

input {
   file {
       path => "/home/ahmed/Bureau/access.log"
       start_position => "beginning"
   }
}

filter {

grok {
  match => { "message" => "%{COMBINEDAPACHELOG}" }
}

date {
  match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}

geoip { source => "clientip" }

} output {
  elasticsearch { 
 hosts => ["localhost:9200"]
index => "log-%{+YYYY.MM.dd}"
  } 
 stdout { codec => rubydebug }
}

Why is it so?

Christian_Dahlqvist · May 26, 2018, 6:51am

This tells the elasticsearch plugin to create one index per day with the date in the index name.

system · June 23, 2018, 7:06am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to create daily Indices in elastic search 7.1.0? Elasticsearch	5	6783	September 11, 2019
New index is not created Elasticsearch	7	4955	February 14, 2020
How to create index as per file creation date? Logstash	4	1375	October 31, 2019
Basic understating regarding index creation Logstash	10	2769	August 13, 2021
Logstash not creating multiple index Logstash	5	305	October 8, 2020

Creation Index

Related topics