Hi
I have a bit index journalbeat-*... we would like to have an extract of it which we would like to keep for months with only a few fields... what i the best way to achieve this?
You could reindex the data you want into a new index. Use an elasticsearch input, and perhaps a prune filter to whitelist the few fields that you want to keep.
Thank you Badger... but can this be done continuously every hour or so?
You just have to configure the right schedule: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-elasticsearch.html#_scheduling
Perfect... with the combination of reindex data with a scheduler would help in this case? I just was not sure if reindex can be done with the destination on the same index all the time.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.