Hi I have logstash forwarding data to elasticsearch, it generates 1 index each day. How do I define one mapping for the all the indices ?
Currently, I am using the following mapping defined in sense script, just for one index
PUT /elkstats_record_clicks
{
"settings": {
"number_of_shards" : 8,
"number_of_replicas" : 1
},
"mappings" : {
"log" : {
...
}
}
}
But I plan to generate 1 index everyday, my logstash output will be like this:
output {
elasticsearch {
hosts => "staging-elkstack:9200"
index => "elkstats_record_clicks_%{+YYYY.MM.dd}"
template_name => "log"
manage_template => false
}
}
Because the index name changes every day, how can I define a mapping which fits all the index files ?