How to auto apply index policy to newly created indexes in AWS Elasticsearch

nitin194 · November 9, 2020, 10:56am

We push Nginx logs to AWS Elasticsearch using Filebeat and Logstash. We have created an index pattern with the name nginx-error-logs* & nginx-access-logs*. We can see in Kibana that daily new indices are being created based on the nginx log file date pattern. We created index policy and applied to existing indices but we would like to auto-apply the same ISM policy for all the newly created indices in Elasticsearch. Kindly help us to achieve this?

Is this the correct format to apply in Devtools console?

PUT _template/testindex_template
{
  "index_patterns": ["*"],
  "settings": {
    "opendistro.index_state_management.policy_id": "index_lifecycle_management_policy"
  }
}

should that be applied on the filebeat or Logstash config?

dadoonet · November 9, 2020, 12:35pm

We don't support this on this forum. you should ask on the opendistro forum instead.

BTW did you look at Cloud by Elastic, also available if needed from AWS Marketplace ?

Cloud by elastic is one way to have access to all features, all managed by us. Think about what is there yet like Security, Monitoring, Reporting, SQL, Canvas, Maps UI, Alerting and built-in solutions named Observability, Security, Enterprise Search and what is coming next ...

nitin194 · November 9, 2020, 1:03pm

Thank you @dadoonet for the feedback. I will ask this in a separate forum.

system · December 7, 2020, 1:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.