Unfortunately from 30th sep my LS service was down and below files are still waiting to get indexed . If I start LS today (03-10-2019)it will parse and save data in today's Index which I do not want . I want to create index as per file date . I have files like below
30_09_2019_test.log
01_10_2019_test.log
02_10_2019_test.log
03_10_2019_test.log
And I want to create index as below
test-2019.09.30
test-2019.10.01
test-2019.10.02
I hope I was clear with what I want to achieve . Please let me know if you need further info which I can provide .
"test-%{+YYYY.MM.dd}" is evaluated using the [@timestamp] field. You need to use a date filter to parse a field that contains the date of the events to set [@timestamp].
Well this is exactly what I was thinking but here is the challenge that I have the date filter that I have rt now is on another field and I am not treating this as timestamp field . Here is what I have
and at kibana level I am defining index pattern based on this date . So is there any way that "test-%{+YYYY.MM.dd}" settings picks date from "managerReceiptTime" or from file name than timestamp field . If not then I have to convert managerReceiptTime and target to timestamp which I do not want as things will be disturbed . Can you suggest any other workaround ?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.