ES are creating indexes for a year ago


(IT2) #1

Hi there.
I have ES 1.7.5 cluster with 8 nodes.
After the New Year, I see that there are indexes like logstash-2016.01.04,logstash-2016.01.05,logstash-2016.01.06 etc
And they have some data about 200mb.
They were created on the same day but in the year ahead
How to understand who is creating them ?
I see nothing in log file :frowning:


(Magnus Bäck) #2

Well, what's in the indexes? And what version of Logstash are you using?


(IT2) #3

I'm using Logstash 1.5.2
and how can I watch data in the index? Sorry, I dont know(


(Magnus Bäck) #4

I'm using Logstash 1.5.2

Then it's most likely the bug below which was fixed in v2.1.0 of the date filter. I haven't looked in which Logstash release that version was included, but Logstash 1.5.2 is definitely too old to include it.

and how can I watch data in the index?

You're not using Kibana?


(IT2) #5

))))
Im using Kibana but I cant found timestamps for 2016 year.)
So my way is upgrading logstash ?
Is logstash 2.x works correctly with ES 1.7 ?


(Magnus Bäck) #6

Im using Kibana but I cant found timestamps for 2016 year.)

Are you saying that you don't get any hits if you select 2016-01-01 to 2016-01-10 as the date range in Kibana?

You can of course also use Elasticsearch's REST API to inspect the contents of indexes.

So my way is upgrading logstash ?

To fix the problem permanently, yes. For now you can just restart Logstash and it'll snap back to 2017, but the problem will return every new year.

Is logstash 2.x works correctly with ES 1.7 ?

Yes: https://www.elastic.co/support/matrix#show_compatibility


(IT2) #7

Magnus, sorry, my bad.
I really see messages when choose the correct timerange.
And it's time to upgrade my cluster. Thank you for your help!


(system) #8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.