First, sorry for the lack of knowledge. I'm new to the Elasticsearch world. I've already read a lot of the documentation, but some things weren't clear.
I'm implementing a central Elasticsearch cluster and the idea is to receive logs from several OpenShift clusters using LogForwarding.
The transfer of logs, via fluentd, is working normally. The problem I'm having is that the logs from all environments are falling into the same index, even though I'm creating different index templates and different index_pattern.
Here are the index templates, for example:
appocp-h:
{
  "template": {
    "settings": {
      "index": {
        "lifecycle": {
          "name": "Politica_Rollover",
          "rollover_alias": "appocp-h-write"
        },
        "number_of_shards": "1",
        "number_of_replicas": "2"
      }
    },
    "aliases": {},
    "mappings": {}
  }
}
appocp-i:
{
  "template": {
    "settings": {
      "index": {
        "lifecycle": {
          "name": "Politica_Rollover",
          "rollover_alias": "appocp-i-write"
        },
        "number_of_shards": "1",
        "number_of_replicas": "2"
      }
    },
    "aliases": {},
    "mappings": {}
  }
}
Both index Templates are forwarding the data to the same index called app-write, but I would like different indexes to be created:
App-write-h and app-write-i, i.e.
How could I do this?
I've already tried using "provided name" in the index template settings, but the API gives me a syntax error.