Index Frequency & Rollover

Tim_Mobley · February 8, 2022, 1:17pm

If you have an ILM policy set to the default rollover settings (30 days or 50 GB), how should you configure your indexing in the LogStash output to align with that? Here's what I mean... if you have the following output block:

output {
  elasticsearch {
    hosts => [ "https://hotdata1:9200", "https://hotdata2:9200" ]
    index => "data-source-%{YYYY.MM.dd}"
  }
}

That creates a new index each day. But if the index isn't yet 50 GB we don't want that. Should I make the index setting this:

index => "data-source-%{YYYY.MM}"

...or just leave off the date altogether?

system · March 8, 2022, 1:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Rollover Indeces using Logstash and Elastic Logstash ilm-index-lifecycle-management	14	1046	September 20, 2020
Understanding ILM policy Logstash ilm-index-lifecycle-management	5	309	September 22, 2021
Index roll over every 30 minutes Logstash	11	1408	January 8, 2022
Logstash with ILM configuration Elasticsearch ilm-index-lifecycle-management	2	1288	February 14, 2023
Question about "Rollover" in Index Lifecycle Policy Kibana ilm-index-lifecycle-management	9	1638	October 14, 2021

Index Frequency & Rollover

Related topics