How is -%{+YYYY.MM.dd} generated on Logstash output

A_B · July 30, 2018, 1:52pm

Hello,

I use daily ES indices that are created by Logstash using

output {

  elasticsearch {
...
        index => "%{[@metadata][foo]}-%{+YYYY.MM.dd}"
  }
}

I always assumed that Logstash looks up the date from the system but now I am seeing some evidence that it might come from @timestamp in the log message. Could someone confirm this suspicion?

Cheers,
AB

Badger · July 30, 2018, 2:25pm

Confirmed. It is based on @timestamp.

A_B · July 30, 2018, 2:48pm

Thank you @Badger

magnusbaeck · August 1, 2018, 8:35pm

The behavior is documented here: https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#sprintf

system · August 29, 2018, 8:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Output to Elasticsearch using todays date instead of @timestamp Logstash	6	2693	June 3, 2020
Generate dynamic date for ES Index Logstash	5	2632	July 6, 2017
[Solved] [Logstash] Elasticsearch output plugin question Logstash	3	527	July 6, 2017
Find source code of index date in elasticsearch output plugin Logstash	3	249	May 1, 2020
Question Regarding `index` in logstash elasticsearch output plugin Logstash	3	483	February 22, 2018

How is -%{+YYYY.MM.dd} generated on Logstash output

Related topics