Elasticsearch input plugin index date

Scoyle · August 23, 2018, 6:54pm

Hello,

im trying to get the elasticsearch input plugin to look at the previous days index. it seems to only like the wildcard or a full index name in the field. has anyone been able to change the date on the index for the plugin?

index => "indexname-%{+YYY.MM.dd}" gives an error of no such index except thats how the indexes are formatted index => "indexname-2018.08.23" will give me todays index and work but i constantly want it to be using the previous days because im inputting certain information into a csv file.

thanks!

magnusbaeck · August 23, 2018, 8:12pm

There's no great way of doing this. Why not use a wildcard index name and use a query to restrict which documents are returned by the elasticsearch input?

Scoyle · August 24, 2018, 11:56am

I was thinking that might be the case. would you just query indexname-{now/d-1d{YYY.MM.dd}}?

magnusbaeck · August 24, 2018, 2:14pm

No, use the elasticsearch input's query option.

system · September 21, 2018, 2:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.