Dynamic Index name and mapping

Elastic Stack Elasticsearch
1

Good evening,

I have an IDS send is alerts, via fluentd, to a new index generated
everyday, like this snort-yymmdd.
I'm trying to define a mapping for that index, but I don't know how to
define a mapping for an index generated dynamically, just for those with
static names.

Is possible to do this?

Kind regards,
Bruno Andrade.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/4d21f3ca-0ce5-445d-a792-1e2a3f9793b0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

2

You can use wildcards with index templates:

--
Ivan

On Mon, Apr 28, 2014 at 9:04 AM, Bruno Andrade bruno90@gmail.com wrote:

Good evening,

I have an IDS send is alerts, via fluentd, to a new index generated
everyday, like this snort-yymmdd.
I'm trying to define a mapping for that index, but I don't know how to
define a mapping for an index generated dynamically, just for those with
static names.

Is possible to do this?

Kind regards,
Bruno Andrade.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/4d21f3ca-0ce5-445d-a792-1e2a3f9793b0%40googlegroups.comhttps://groups.google.com/d/msgid/elasticsearch/4d21f3ca-0ce5-445d-a792-1e2a3f9793b0%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CALY%3DcQD3yRXHwwGRas_WuOu0Hc9jOYs_1KkUwePgbgqhbB-yRA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

3

I gave it a look... that's exactly what I need.

Thanks.

Segunda-feira, 28 de Abril de 2014 17:04:55 UTC+1, Bruno Andrade escreveu:

Good evening,

I have an IDS send is alerts, via fluentd, to a new index generated
everyday, like this snort-yymmdd.
I'm trying to define a mapping for that index, but I don't know how to
define a mapping for an index generated dynamically, just for those with
static names.

Is possible to do this?

Kind regards,
Bruno Andrade.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/af4f0874-5d53-46ae-8259-dd36430677bb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.