ElasticSearch output with alias

Hello,

Do we have to configure manualy first time index name in Elasticsearch output ?

Let me explain, the context is :

I create a index named :

index: "es_on_demand_index-000001"

I have an index Lifecycle Policies like this :

{
  "policy": "policy_exlabel",
  "phase_definition": {
    "min_age": "0ms",
    "actions": {
      "rollover": {
        "max_size": "5mb",
        "max_age": "3d"
      },
      "set_priority": {
        "priority": 100
      }
    }
  },

When index is create, I create an alias manualy (alias es_on_demand), I stop Filebeat's service, I change Elasticsearch output by the alias name :

index: "es_on_demand"

I start Filebeat's service, and when conditions of my ILM are true, a new index is create :

es_on_demand_index-000002

and logs points to the right index.

My question is : Can I create the first time, a alias who points a pattern index even if the index is not created yet ?

Thanks for your help

You can create an ILM policy and an index template that uses an alias, and then create the index.

Tutorial: Automate rollover with ILM | Elasticsearch Guide [7.6] | Elastic runs through what that looks like.

That's super small, is there a reason you've chosen that size?

Hi,

Thank you so your support.

I think my issue will be resolved by this help.

Yes 5mb is very small, it's just for test to check if my ILM run correctly.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.