How to create index with a date with a template?

emoxam · January 19, 2024, 12:26pm

When i start logstash it creates index with a date, but if i delete this index it creates by the template without any date.
How to create index with a date with a template ?
Thanks

yago82 · January 19, 2024, 1:59pm

Hi,

can you share your logstash config?

Regards

emoxam · January 20, 2024, 11:26am

input {
  tcp {
    port => 5000
    codec =>plain
  }
}
filter {
  if [message] =~ /actions/ or [message] =~ /172\.16\.10\.78/ or [message] =~ /172\.16\.10\.77/ {
  grok {
    match => [ "message",
               "%{GREEDYDATA:timestamp} %{LOGLEVEL:level} %{GREEDYDATA:data}"
             ]
  }
    date {
      match => [ "timestamp" , "yyyy-MM-dd HH:mm:ss,SSS" ]
  }
} else {
  }
}
output {
  elasticsearch {
    hosts => "https://localhost:9200"
    ssl_verification_mode => none
    user => "elastic"
    password => "In6FPtXUdPK+i9+Y7skS"
    index => "actions-logs"
    data_stream => false
    ilm_enabled => true
    ilm_policy => "logstash-policy"
    ilm_rollover_alias => "actions-logs"
    ilm_pattern => "{now/d}-000001"
  }
}

emoxam · January 22, 2024, 7:56am

Any news ?

system · February 19, 2024, 7:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.