Indexes aren't being autocreated

nijave · July 9, 2019, 10:13pm

I have logstash outputting data to Elasticsearch but it created the first index and hasn't created any since. I created a VM with logstash/elasticsearch with this ansible playbook https://pastebin.com/innbMN4p

/etc/elasticsearch/elasticsearch.yml

cluster.initial_master_nodes: elk01
cluster.name: logs
http.port: 9200
network.host: 0.0.0.0
node.master: true
node.name: elk01
transport.port: 9300

#################################### Paths ####################################

# Path to directory containing configuration (this file and logging.yml):
path.data: /opt/elasticsearch/data
path.logs: /var/log/elasticsearch
action.auto_create_index: true

/etc/logstash/conf.d/logstash.conf

input {
  beats {
    ssl => false
    host => "::"
    port => 5044
  }

  http {
    ssl => false
    host => "::"
    port => 8888
  }

  udp {
    host => "::1"
    port => 10514
    codec => "json"
    type => "rsyslog"
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "logstash-%{+YYYY.MM.dd}"
    # index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}

The original index was "logstash-2019.07.02-000001" which seems strange as well--not sure where it got that suffix from

rugenl · July 9, 2019, 10:27pm

Versions 7.0 and beyond use ILM by default. The default policy probably isn't doing daily rollover.

system · August 6, 2019, 10:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.