How to create daily Indices in elastic search 7.1.0?

irobot678 · August 1, 2019, 1:58pm

Hi,
I am using ELK stack version 7.1.0 and i send my logs using logstash.
Now,

All my logs are getting into one index. I want create index daily basis and store those logs of that particular day in that particular index.

Previously when i used 6.8 version elasticsearch used to create a index each day on its own .

please help me solve it.

logstash.conf

input {
file {
path => "/home/Desktop/a.log"
start_position => "beginning"
}
}
filter {
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:date}%{GREEDYDATA:message}" } }
}
output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}

Bernt_Rostad · August 1, 2019, 2:18pm

You should be able to achieve this by adding an index specification within the elasticsearch output element in your logstash.conf, for instance like this:

output {
    elasticsearch {
        hosts => ["localhost:9200"]
        index => "logstash-%{+YYYY.MM.dd}"
    }
   stdout { codec => rubydebug }
}

For more info see Elasticsearch output plugin.

irobot678 · August 2, 2019, 7:03am

Thanks @Bernt_Rostad for the reply.

But it isn't helping i think my index name is getting overwritted by my index life cycle policy.

Bernt_Rostad · August 2, 2019, 7:37am

Sorry to hear that, I have no experience with ILM yet so I'm afraid I can't help you there.

irobot678 · August 14, 2019, 7:48pm

Solved by making the following changes.

output {
elasticsearch {
hosts => ["localhost:9200"]
index => "logstash-%{+YYYY.MM.dd}"
manage_template => false
user => elastic
password => *******
}
}

system · September 11, 2019, 7:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.