Elastic Central -

First, sorry for the lack of knowledge. I'm new to the Elasticsearch world. I've already read a lot of the documentation, but some things weren't clear.

I'm implementing a central Elasticsearch cluster and the idea is to receive logs from several OpenShift clusters using LogForwarding.
The transfer of logs, via fluentd, is working normally. The problem I'm having is that the logs from all environments are falling into the same index, even though I'm creating different index templates and different index_pattern.

Here are the index templates, for example:

appocp-h:

{
  "template": {
    "settings": {
      "index": {
        "lifecycle": {
          "name": "Politica_Rollover",
          "rollover_alias": "appocp-h-write"
        },
        "number_of_shards": "1",
        "number_of_replicas": "2"
      }
    },
    "aliases": {},
    "mappings": {}
  }
}

appocp-i:

{
  "template": {
    "settings": {
      "index": {
        "lifecycle": {
          "name": "Politica_Rollover",
          "rollover_alias": "appocp-i-write"
        },
        "number_of_shards": "1",
        "number_of_replicas": "2"
      }
    },
    "aliases": {},
    "mappings": {}
  }
}

Both index templates are forwarding the data to the same index called app-write, but I would like different indexes to be created, e.g. App-write-h and app-write-i.

How could I do this?

I've already tried using "provided name" in the index template settings, but the API gives me a syntax error.

Welcome to our community!

Which index the data is sent to would be managed by fluentd. I don't know it myself, but if you post your config for it someone might be able to help.
