My es version is 7.13.4,but after i change the ilm policy, i can not receive any new log from the logstash, even i set the ilm_enable=false
the configuration is as below
if [fields][tags] == "prd-k8s-app" {
if "_dateparsefailure" not in [tags] and "_grokparsefailure" not in [tags] and "timestampfailure" not in [tags] {
elasticsearch {
hosts => ["https://x.x.x.x:9200"]
index => "%{[k8s.container]}%{+YYYY.MM.dd}"
action=>"create"
ilm_enable=>false
user => logstash
password => "xxxx"
ssl => true
ssl_certificate_verification => true
cacert => "/etc/logstash/ssl/ca.pem"
}
} else {
file {
path => "/var/log/logstash/error/%{[tags]}_error-%{+YYYY.MM.dd}.log"
codec => rubydebug
}
}
}
What do the Logstash logs show? What does the policy look like?
It is OK now.we used the lfm feature and it use steaming instead of indices.but for the streaming the default configuration is hidden.That is why we can not see the logs.
Mark Walkom via Discuss the Elastic Stack <notifications@elastic.discoursemail.com>于2023年5月2日 周二11:26写道: