my use case is to rollover indices in every 4 hours .so i use curator for
define alias and rollover for indices.
so new indices is created but in new indices no data is written by logstash into it.
by exploring i found that while creating alias this setting "is_write_index": true
is must be define .but in curator how to define it
my curator action file looks like
actions:
1:
action: alias
description: >-
Alias indices from last week, with a prefix of kibana_sample_data_ecommerce to 'kibana_alias-000001',
remove indices from the previous week.
options:
name: alias1
warn_if_no_indices: False
disable_action: False
add:
filters:
- filtertype: pattern
kind: prefix
value: ram-
2:
action: rollover
description: >-
Rollover the index associated with alias 'aliasname', which should be in the
format of prefix-000001 (or similar), or prefix-YYYY.MM.DD-1.
options:
disable_action: False
name: alias1
conditions:
max_age: 10s
my logstash file is
input {
file {
path => "/var/log/containers/*.log"
start_position => "beginning"
}
}
filter{
}
output {
elasticsearch {
hosts => ["http://10.109.226.97:9200"]
index => alias1
}
}