Long-time lurker, but first-time poster! So let's see if this works!
Currently implementing a Hot-Warm architecture, which consists of:
3 dedicated Master Nodes
3 Hot Nodes
3 Warm Nodes
The Attrib is set by
node.attr.box_type: master/hot/warm
Now what is not Elastic specific is that the cluster is deployed using Salt Stack, which comes into play later.
I ingest my data from File/Audit-Beat etc. through a Logstash pipe.
Output looking like:
elasticsearch {
  hosts => ["elasticsearch-hot-01:9200","elasticsearch-hot-02:9200","elasticsearch-hot-03:9200"]
  manage_template => false
  index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}
And that creates daily indices as intended.
Now comes the issue, which is that Logstash is creating the indices on all nodes. But I would only like it to use the Hot nodes, as those are on SSDs. Makes sense, right!
Now what I really don't want to do is to use the REST API to ILM the issue. Simply because that would create a really bad implementation with the Salt state.
Moving the index to Warm nodes will be achieved using Curator.
So simply put, is there any way of using Logstash to set the created indices to only exist on Hot, instead of Hot and Warm nodes, without having to use REST API calls?