Hello Experts,
Expecting replies from you
I have created a Logstash config file which takes an Elasticsearch index (filebeat-7.16.3-2022.09.16-000020) as input.
Now that index is full and a new index has been created automatically, and data stopped flowing as the new data is in the new index (filebeat-7.16.3-2022.09.23-000021).
So I used the "filebeat-*" index (index pattern), but it didn't work.
Is there any additional setting to use an index pattern / wildcard as the index in the Logstash input?
Working Code:
input {
  elasticsearch {
    hosts => ["----"]
    ca_file => "----"
    user => "----"
    password => "----"
    ssl => true
    index => "filebeat-7.16.3-2022.09.16-000020"
    docinfo => true
    scroll => "5m"
    schedule => "59 23 * * *" # Run every day at 23:59
    query => '{ "query": { "match": { "host.hostname" : "abcde1234" } }}'
  }
}
Need as below:
input {
  elasticsearch {
    hosts => ["----"]
    ca_file => "----"
    user => "----"
    password => "----"
    ssl => true
    index => "filebeat-*"
    docinfo => true
    scroll => "5m"
    schedule => "59 23 * * *" # Run every day at 23:59
    query => '{ "query": { "match": { "host.hostname" : "abcde1234" } }}'
  }
}
Regards,
Ajit Shinde
India