I've upgraded from 6.8 to 7.3 on Elastic Cloud (I mainly use APM) but the index names have changed, how do I change them back?
Originally I had apm-6.8.3-transaction-2019.09.23 etc, rotating daily. Now I have apm-7.3.2-transaction-0000001 and it doesn't appear to be rotating at all. I'd prefer a new index each day and then I can delete indexes after X days.
For anyone else who comes across this, it was the new Index Lifecycle Policy automation kicking in.
I do this manually with a top level inheriting policy of my own. I give it a high order number to make it run last.
Disabling setup.ilm.enabled in both Filebeat and Functionbeat allows it to revert to its default daily index naming and then I can manage it from there.
For APM it was a little different as the configuration from the Go APM agent isn't as customisable. I set this for the Elasticsearch server config itself:
output.elasticsearch:
indices:
- index: "apm-%{[observer.version]}-sourcemap"
when.contains:
processor.event: "sourcemap"
- index: "apm-%{[observer.version]}-error-%{+yyyy.MM.dd}"
when.contains:
processor.event: "error"
- index: "apm-%{[observer.version]}-transaction-%{+yyyy.MM.dd}"
when.contains:
processor.event: "transaction"
- index: "apm-%{[observer.version]}-span-%{+yyyy.MM.dd}"
when.contains:
processor.event: "span"
- index: "apm-%{[observer.version]}-metric-%{+yyyy.MM.dd}"
when.contains:
processor.event: "metric"
- index: "apm-%{[observer.version]}-onboarding-%{+yyyy.MM.dd}"
when.contains:
processor.event: "onboarding"
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.