Index can not assign to a default ilm policy

baalchina · January 27, 2022, 4:32pm

Hi, I am using logstash to collect my switch's syslog. Here is the logstash config like:

input{
    syslog{
        type => "syslog-sw-hw-128"
        host => "1.2.3.4"
        port => 580
    }
}

output{
    if [type] == "syslog-sw-hw-128" {
       elasticsearch {
        hosts => ["1.2.3.5:9200"]
            user => "elastic"
            password => "changeme"
            index => "syslog-sw-hw-128-%{+YYYYMMdd}"
            ilm_policy => "180-days-default"
        }
    }
}

Ant the question is:

1, the index created successfully, and have data.
2, but in kibana, ilm, the 180-days-default policy had no assigined index.

btw, kibana/logstash/es all 7.16, and when list plugin list in logstash, the logstash-output-elastisearch plugin is successfule list.

Thanks a lot.

Badger · January 27, 2022, 6:27pm

If that index is created then ILM is not in use. The output checks if ILM is in use, if it were then it would override the value of the index option and log a warning that it was doing so.

The code that decides if ILM is in use is here.

system · February 24, 2022, 6:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help with simple ILM rollover configuration for existing index Elasticsearch ilm-index-lifecycle-management	2	202	August 17, 2023
ILM for new indices created via Logstash Elasticsearch ilm-index-lifecycle-management	1	231	December 5, 2023
Rollover ILM policy for existing Index Logstash ilm-index-lifecycle-management	6	402	March 1, 2022
Ilm policy error Logstash ilm-index-lifecycle-management	1	283	August 17, 2022
ILM policy based on index and not on index template Elasticsearch ilm-index-lifecycle-management	6	761	March 2, 2022

Index can not assign to a default ilm policy

Related Topics