Find not updated indices through Logstash

We have around 50 indices in Elastic and their data is updated on a daily basis. But if data is not updated in a day, we want to log that index name so we can take some action.

All indices will have an updatedAt field from which we can identify the last updated time of a document.

So our goal is to run a cron through Logstash every night and identify which indices have not been updated today.

We are able to achieve this for a single index via the elasticsearch input plugin with a schedule, but we are not finding any way to do it for all the indices.

ELK version - 7.6.0
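One way to make the check described in the post cover every index in a single request, as an added example that is not part of the original post: a terms aggregation on `_index` with a max sub-aggregation on `updatedAt`, evaluated here in Python rather than in Logstash. The index names, the sample response and the choice of UTC midnight as the start of "today" are assumptions.

```python
from datetime import datetime, timezone

# Body for GET /<index-pattern>/_search: one bucket per index, each carrying
# the newest updatedAt value found in that index. size 100 covers ~50 indices.
STALE_QUERY = {
    "size": 0,
    "aggs": {
        "per_index": {
            "terms": {"field": "_index", "size": 100},
            "aggs": {"last_update": {"max": {"field": "updatedAt"}}},
        }
    },
}


def stale_indices(response, expected, now):
    """Return sorted names from `expected` with no updatedAt since 00:00 UTC of `now`."""
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    cutoff_ms = midnight.timestamp() * 1000
    newest = {}
    for bucket in response["aggregations"]["per_index"]["buckets"]:
        # A max aggregation on a date field reports epoch milliseconds,
        # or null when no document in the bucket has the field.
        newest[bucket["key"]] = bucket["last_update"]["value"]
    # An index with no documents produces no bucket at all, so compare against
    # the list of indices that are expected to exist (assumed known).
    return sorted(n for n in expected
                  if newest.get(n) is None or newest[n] < cutoff_ms)


def to_ms(dt):
    return dt.timestamp() * 1000


# Constructed sample data: hypothetical index names and a response trimmed
# to the fields stale_indices() reads.
NOW = datetime(2020, 3, 10, 23, 30, tzinfo=timezone.utc)
EXPECTED = ["orders", "customers", "invoices", "audit"]
SAMPLE = {"aggregations": {"per_index": {"buckets": [
    {"key": "orders", "doc_count": 120,
     "last_update": {"value": to_ms(datetime(2020, 3, 10, 4, 0, tzinfo=timezone.utc))}},
    {"key": "customers", "doc_count": 75,
     "last_update": {"value": to_ms(datetime(2020, 3, 9, 22, 15, tzinfo=timezone.utc))}},
    {"key": "invoices", "doc_count": 9, "last_update": {"value": None}},
]}}}

if __name__ == "__main__":
    print(stale_indices(SAMPLE, EXPECTED, NOW))
```

An index that is empty or missing returns no bucket, which is why the function checks against the expected list instead of only reading the buckets.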
