Hello there,
I'm using Elasticsearch v7.16.2.
I'm working for a client, and it's impossible for them to change the elastic output to change the index name. My goal is to change the daily format to a weekly one.
To do so, I'm using the ingest pipeline date-index-name processor.
The problem is, when I simulate / test the pipeline I got what I want, but when I apply it, the week is always week number 52.
Do you have an explaination for this ?
The test :
POST _ingest/pipeline/_simulate
{
"pipeline" :
{
"description": "test",
"processors" : [
{
"date_index_name": {
"field": "@timestamp",
"date_rounding": "M",
"index_name_prefix": "index-cagnottage-",
"index_name_format": "yyyy-MM",
"if": "ctx.process == 'SECURITY'"
}
},
{
"date_index_name": {
"field": "@timestamp",
"date_rounding": "w",
"index_name_prefix": "kubernetes_cluster-",
"index_name_format": "yyyy-ww"
}
}
]
},
"docs": [
{
"_source": {
"@timestamp": "2022-08-17T07:25:57.530Z"
}
}
]
}
Test result :
{
"docs" : [
{
"doc" : {
"_index" : "<kubernetes_cluster-{2022-33||/w{yyyy-ww|UTC}}>",
"_type" : "_doc",
"_id" : "_id",
"_source" : {
"@timestamp" : "2022-08-17T07:25:57.530Z"
},
"_ingest" : {
"timestamp" : "2022-08-17T08:08:17.311457476Z"
}
}
}
]
}
Reality result (done with the same @timestamp as the test) :
kubernetes_cluster-2021-52
Note : The first date_index_name to root few documents out of the main index is working fine.
Note 2 : When date rounding is set to w, I get year 2021,
when I set date rouding to m, I get year 2022, complete non sense to me...
Thank you for your help.