Index by hostname?

Nikolas1306 · October 21, 2022, 10:34am

      elasticsearch {
			hosts => ["localhost:9200"]
                      
			index =>  "logstash-%{[host][hostname]}%{+YYYY.MM.dd}"
		 }

but have

stephenb · October 21, 2022, 10:52pm

The syntax is correct... (even though I think you want another - between the hostname and date)

What you are seeing is when that field does not exist / logstash is not able to get the host name from the host or for some reason your pipeline has corrupted or deleted that field.

When logstash can not access the fields is substitutes the literal.

If you do a simple in the output you will see the fields you can work with.

stdout {}

Somtime that field ends up in [host][name]

Nikolas1306 · October 22, 2022, 7:14am

i've resolved with

index => "logstash-%{[host][name]}%{+YYYY.MM.dd}"

system · November 19, 2022, 7:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash EXEC input Logstash	4	511	March 26, 2020
Indices names missing timestamp Logstash	4	565	December 19, 2019
Custom logstash index name output to ES Logstash	2	2394	July 5, 2017
Default Index Pattern (logstash-yyyy.MM.dd) Failing Logstash	8	915	October 25, 2022
Date Variable on index name Logstash	4	192	March 14, 2024

Index by hostname?

Related Topics