ES are creating indexes for a year ago

Hi there.
I have ES 1.7.5 cluster with 8 nodes.
After the New Year, I see that there are indexes like logstash-2016.01.04,logstash-2016.01.05,logstash-2016.01.06 etc
And they have some data about 200mb.
They were created on the same day but in the year ahead
How to understand who is creating them ?
I see nothing in log file :frowning:

Well, what's in the indexes? And what version of Logstash are you using?

I'm using Logstash 1.5.2
and how can I watch data in the index? Sorry, I dont know(

I'm using Logstash 1.5.2

Then it's most likely the bug below which was fixed in v2.1.0 of the date filter. I haven't looked in which Logstash release that version was included, but Logstash 1.5.2 is definitely too old to include it.

and how can I watch data in the index?

You're not using Kibana?

))))
Im using Kibana but I cant found timestamps for 2016 year.)
So my way is upgrading logstash ?
Is logstash 2.x works correctly with ES 1.7 ?

Im using Kibana but I cant found timestamps for 2016 year.)

Are you saying that you don't get any hits if you select 2016-01-01 to 2016-01-10 as the date range in Kibana?

You can of course also use Elasticsearch's REST API to inspect the contents of indexes.

So my way is upgrading logstash ?

To fix the problem permanently, yes. For now you can just restart Logstash and it'll snap back to 2017, but the problem will return every new year.

Is logstash 2.x works correctly with ES 1.7 ?

Yes: Support Matrix | Elastic

Magnus, sorry, my bad.
I really see messages when choose the correct timerange.
And it's time to upgrade my cluster. Thank you for your help!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.