Hello i am trying to understand more the flow and privileges of the stack
in my output configuration i have this
hosts => "${ELASTICSEARCH_HOST}"
ssl => true
user => "${ELASTICSEARCH_USER}"
password => "${ELASTICSEARCH_PASS}"
index => "failure_logs"
template_name => "failure_logs"
there i am saying that i want to use the template failure_logs, but what happend if i have a template with index pattern *, who has the priority, logstash saying that wants to insert in the template, or elasticsearch saying this logs needs to be inserted here?
I am not sure I fully got the question, so I answer what I know. logstash is doing two things here, first putting that template on start up, second indexing documents. Each of those actions requires a dedicated privilege for the user specified. It does not matter what is written in that index template, as long as that privilege exists.
Mi question is why i am adding a template_name in logstash output if then elasticsearch is going to decide base on the index pattern i declared in the templates.
the template name is the unique identifier of the template itself, which needs to be used to create or delete templates. The template name has indeed nothing to do for what indices are template is applied.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
