Index Frequency & Rollover

Tim_Mobley · February 8, 2022, 1:17pm

If you have an ILM policy set to the default rollover settings (30 days or 50 GB), how should you configure your indexing in the LogStash output to align with that? Here's what I mean... if you have the following output block:

output {
  elasticsearch {
    hosts => [ "https://hotdata1:9200", "https://hotdata2:9200" ]
    index => "data-source-%{YYYY.MM.dd}"
  }
}

That creates a new index each day. But if the index isn't yet 50 GB we don't want that. Should I make the index setting this:

index => "data-source-%{YYYY.MM}"

...or just leave off the date altogether?

system · March 8, 2022, 1:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Understanding ILM policy Logstash ilm-index-lifecycle-management	5	309	September 22, 2021
Index roll over every 30 minutes Logstash	11	1397	January 8, 2022
Logstash with ILM configuration Elasticsearch ilm-index-lifecycle-management	2	1268	February 14, 2023
Question about "Rollover" in Index Lifecycle Policy Kibana ilm-index-lifecycle-management	9	1617	October 14, 2021
Logstash Indices Rollover to Warm Logstash ilm-index-lifecycle-management	1	369	February 18, 2022

Index Frequency & Rollover

Related Topics