Creation Index

Charaf_Ahmed · May 23, 2018, 9:01am

Hello, I have a very naive question but I can not find a solution.

By launching logstash with this config file (just after), it creates several indexes in elasticsearch.

input {
   file {
       path => "/home/ahmed/Bureau/access.log"
       start_position => "beginning"
   }
}

filter {

grok {
  match => { "message" => "%{COMBINEDAPACHELOG}" }
}

date {
  match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}

geoip { source => "clientip" }

} output {
  elasticsearch { 
 hosts => ["localhost:9200"]
index => "log-%{+YYYY.MM.dd}"
  } 
 stdout { codec => rubydebug }
}

Why is it so?

Christian_Dahlqvist · May 26, 2018, 6:51am

This tells the elasticsearch plugin to create one index per day with the date in the index name.

system · June 23, 2018, 7:06am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.