Elasticsearch input plugin index date

Scoyle · August 23, 2018, 6:54pm

Hello,

im trying to get the elasticsearch input plugin to look at the previous days index. it seems to only like the wildcard or a full index name in the field. has anyone been able to change the date on the index for the plugin?

index => "indexname-%{+YYY.MM.dd}" gives an error of no such index except thats how the indexes are formatted index => "indexname-2018.08.23" will give me todays index and work but i constantly want it to be using the previous days because im inputting certain information into a csv file.

thanks!

magnusbaeck · August 23, 2018, 8:12pm

There's no great way of doing this. Why not use a wildcard index name and use a query to restrict which documents are returned by the elasticsearch input?

Scoyle · August 24, 2018, 11:56am

I was thinking that might be the case. would you just query indexname-{now/d-1d{YYY.MM.dd}}?

magnusbaeck · August 24, 2018, 2:14pm

No, use the elasticsearch input's query option.

system · September 21, 2018, 2:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date in logstash input Logstash	4	256	July 18, 2018
Calculating before input plugin Logstash	2	491	August 1, 2017
Elasticsearch Filter - Daily index search Logstash	1	262	May 31, 2019
Elasticsearch Input Plugin - Index field string to match system date Logstash	4	1822	July 6, 2017
Reading previous week indice with elastic input plugin Logstash	4	649	November 8, 2017

Elasticsearch input plugin index date

Related topics