Elastic can not see the lastest log after using ILM

My es version is 7.13.4,but after i change the ilm policy, i can not receive any new log from the logstash, even i set the ilm_enable=false

the configuration is as below
if [fields][tags] == "prd-k8s-app" {
if "_dateparsefailure" not in [tags] and "_grokparsefailure" not in [tags] and "timestampfailure" not in [tags] {
elasticsearch {
hosts => ["https://x.x.x.x:9200"]
index => "%{[k8s.container]}
user => logstash
password => "xxxx"
ssl => true
ssl_certificate_verification => true
cacert => "/etc/logstash/ssl/ca.pem"

} else {
  file {
    path => "/var/log/logstash/error/%{[tags]}_error-%{+YYYY.MM.dd}.log"
    codec => rubydebug


What do the Logstash logs show? What does the policy look like?

It is OK now.we used the lfm feature and it use steaming instead of indices.but for the streaming the default configuration is hidden.That is why we can not see the logs.

Mark Walkom via Discuss the Elastic Stack <notifications@elastic.discoursemail.com>于2023年5月2日 周二11:26写道:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.