Hello All -
I am currently trying to set up some lifecycle policy's to clean up indices. In Kibana, I have an index pattern of "logstash-*". Fluentd is just taking everything matching that pattern and sending it. This creates a new indice each day such as logstash.2020.08.01. I could apply the lifecycle policy directly to the indice, but I would have to go in each day and do that to each subsequent indice that gets automatically created. I assume the correct way to go about this is to create an index template, and apply the lifecycle policy to the template? And then somehow edit my fluentd configuration to direct it to a given index template instead of just a kibana index pattern? Am I on the right track? Also wondering what to put for "Alias" in this scenario, because when I attempt to bind a lifecycle policy to a template, it says with rollover enabled you have to specify alias. Not sure what is appropriate for that.
Thanks so much for your help!
