I'm currently using a cron job to reindex certain log messages of multiple daily indexes into a new one. Is this possible via Elastic internal tools like rollups? I'm currently querying the logs to see if they contain certain keywords and reindexing them if they do. Sadly, rollups seem to be more for metrics.
Not via rollups, no.
The other approach is to put those messages into their own indices to begin with.