How to name elasticsearch index based on time in result set from JDBC input?

elasticheart · January 17, 2017, 5:11am

Hi,

I am using jdbc input having a query like;

SELECT id,name,address,timea,timeb FROM mytable where TO_CHAR(timea,'yyyy-mm-dd') > '2017-01-01' and TO_CHAR(timeb,'yyyy-mm-dd') < '2017-01-16'

I have configured my elasticsearch output like;

index => "myindex-%{+YYYY-MM-dd}"

I was expecting indices like myindex-2017-01-01, myindex-2017-01-02, myindex-2017-01-03 etc. But what I got was a single index myindex-2017-01-17 with all entries inside. I think it took my system date instead of date from query result. How can I achieve indices like I have mentioned?

Thanks in advance..

magnusbaeck · January 17, 2017, 6:29am

Use the date filter to parse one of the date fields and store the result in the @timestamp field.

system · February 14, 2017, 6:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.