Hi,
I’m using Logstash to ingest data into my Elastic Cloud ES.
I’m using custom index names, such as “client_name-winlogbeat-2021.03.05” and “client_name-o365-2021.03.05” for Windows and Office 365 logs respectively.
By doing so, I’m unable to configure ILM for those indices.
An example of my Logstash configuration can be seen as follows:
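input {
  # Receive CEF-encoded events over syslog on port 9001
  syslog {
    port => 9001
    codec => cef
    type => "syslog_server"
    tags => ["office365"]
  }
}
output {
  # This conditional tests for a tag other than the one set on the input above
  if "icts-carbon-black" in [tags] {
    elasticsearch {
      hosts => ["ip:port"]
      user => "user"
      password => "pass"
      manage_template => false
      ssl => true
      # TLS is on, but the server certificate is not verified
      ssl_certificate_verification => false
      # Custom daily index name
      index => "client-o365-%{+YYYY.MM.dd}"
    }
  }
}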
I’d like to ask how I can enable ILM policies for those custom indexes.
Thank you