How to create index automatically by logstash conf

Elastic Stack Logstash
1

Hi all,

when I call

$curl -XPUT -u es_admin:iiiiii 'http://localhost:9200/franky/json/1' -d '{ "ismb.miki.host":"192.168.10.53" }'

the result is

{"_index":"franky","_type":"json","_id":"1","_version":2,"created":false}

why attribute 'created' is false?

I would like to create index franky from logstash conf file automatically, did I missing something?

            elasticsearch {
                    cluster => "elasticsearch"
                    host => "elasticsearch"
                    codec => "json"
                    protocol => "http"
                    index => "franky"
            }
2

Because you are updating an existing document.

That config looks mostly ok, you can remove the cluster part, and are you sure the hostname is 'elasticsearch`?
Otherwise, does it not work?

3

Hi Mark,

Thanks for replying,

It works, but attribute 'created' of index 'franky' is false, and attribute 'created' of default index 'logstash' is true?

{"_index":"logstash","_type":"json","_id":"1","_version":1,"created":true}
4

I think you might be conflating the two things here.

Are you getting that from the LS log?

5

Hi Mark,

Yes, that is from the LS log, I am confusing with 'created', when 'created' be true/false?

Thanks

6

You have two questions here.

  1. When you use that curl and get that response (note: "_version":2) that means you have updated a document that already existed, this is why you also got "created":false.
  2. Your Logstash config looks ok, per my previous comments. If you want to check that the index exists then use curl localhost:9200/_cat/indices and you should see it.