Hi,
When I try to create an index in logstash output using:
elasticsearch {
hosts => "myelasticsearch:9200"
index => "my_index-%{+YYYY.MM.dd}"
}
In the log of elasticsearch the name of the index is "my_index-" and not appear the date.
Any idea?
Thanks.
I am confused because
output {
if "_grokparsefailure" not in [tags] {
file {
path => "./logs/%{[fields][app_id]}-grok-%{+YYYY.MM.dd}.log"
}
} else {
file {
path => "./logs/%{[fields][app_id]}-grokparsefailure-%{+YYYY.MM.dd}.log"
}
}
}
And this is the result:
[2020-03-19T12:11:32,785][INFO ][logstash.outputs.file ][main] Opening file {:path=>"/home/elastic/logstash-7.5.2/logs/squid-grok-.log"}
[2020-03-19T12:11:42,502][INFO ][logstash.outputs.file ][main] Opening file {:path=>"/home/elastic/logstash-7.5.2/logs/squid-grokparsefailure-2020.03.19.log"}
[2020-03-19T12:11:43,462][INFO ][logstash.outputs.file ][main] Closing file /home/elastic/logstash-7.5.2/logs/squid-grok-.log
[2020-03-19T12:11:53,568][INFO ][logstash.outputs.file ][main] Closing file /home/elastic/logstash-7.5.2/logs/squid-grokparsefailure-2020.03.19.log
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.