I've been doing more testing and I'm almost done learning about ELK, but I have a little problem when creating a pipeline that outputs to the elasticsearch cluster as follows:
    output {
      elasticsearch {
        hosts => [ "IP:9200", "IP:9200", "IP:9200" ]
        manage_template => false
        index => "example-%{+yyyy.MM.dd}"
      }
    }
It does not correctly create the date. I have followed the indications of the documentation as it says: https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-index
The above code creates the index: example-
Instead, if I leave the defaults by unchecking the fields manage_template and index, it creates the index with the correct format: logstash-2020.08.17-000001
So I don't really know what I'm failing at, whether it is a documentation issue or some other formatting error.
Another detail is that I have seen some examples from 2018 with the following format: index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}". Reviewing the same link about the elasticsearch output plugin, that seems to be meant for creating different indexes, but I think it refers more to separating indexes according to a production or development space than to creating different indexes according to a date.