Elasticsearch output template_name and template index pattern doubt

Hello i am trying to understand more the flow and privileges of the stack

in my output configuration i have this

        hosts => "${ELASTICSEARCH_HOST}"
        ssl => true
        user => "${ELASTICSEARCH_USER}"
        password => "${ELASTICSEARCH_PASS}"
        index => "failure_logs"           
        template_name => "failure_logs"

there i am saying that i want to use the template failure_logs, but what happend if i have a template with index pattern *, who has the priority, logstash saying that wants to insert in the template, or elasticsearch saying this logs needs to be inserted here?

Thanks

Hey,

I am not sure I fully got the question, so I answer what I know. logstash is doing two things here, first putting that template on start up, second indexing documents. Each of those actions requires a dedicated privilege for the user specified. It does not matter what is written in that index template, as long as that privilege exists.

See https://www.elastic.co/guide/en/logstash/7.3/ls-security.html

hope this helps, if not, I'm happy to dig deeper :slight_smile:

--Alex

Mi question is why i am adding a template_name in logstash output if then elasticsearch is going to decide base on the index pattern i declared in the templates.

the template name is the unique identifier of the template itself, which needs to be used to create or delete templates. The template name has indeed nothing to do for what indices are template is applied.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.