Elasticsearch automatic reindex

bianca6 · March 4, 2022, 1:51pm

Hello,

I am using a pipeline with Filebeat / Logstash / Elasticsearch / Kibana version 8 to deal with logs.

One of the field is a nano second timestamp.
Long story, I can't send it as a 'date_nanos', so, what I'm doing instead is I send it as a string, and then, Elasticsearch know how to use it as a 'date'.

After that, I create a new index (copy paste the mapping), I change from 'date' to 'date_nanos' and I reindex what Logstash sent.

This is a really boring manual task incompatible with production, but this is all I can read "just reindex, just reindex, just reindex...".

So, how can I automate this? Is there a way from logstash to choose a mapping from Elasticsearch? Or maybe Elasticsearch can reindex automaticaly?

Thanks for your time and answers.

Christian_Dahlqvist · March 5, 2022, 4:34am

Why don't you specify an index template with the mapping so it applies for all new indices?

warkolm · March 6, 2022, 10:25pm

Yep, look at Index templates | Elasticsearch Guide [8.0] | Elastic

bianca6 · March 7, 2022, 8:25am

I was not aware of this, well, it seems to suit perfectly, thanks for the information!

system · April 4, 2022, 8:26am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.