Hi,
I generate an index per day in logstash, but when I see the index details in the kibana monitoring it shows a different number of documents than those returned by discovery search in the same day.
Following, the number of docs in the monitoring (515.2k).
Following, the number of docs returned by the discovery search (368.8k).
Shouldn't it be the same?
Thanks,
Samuel Lima
Hi @Samuel_Lima ,
Is the time period the same in the monitoring view as the discover view?
Hi @chrisronline ,
It was supposed to be the same as I use the current day to create new indexes.
input {
  lumberjack {
    port => 5021
    ssl_certificate => "/elasticsearch/elasticsearch/config/certs/lumberjack.cert"
    ssl_key => "/elasticsearch/elasticsearch/config/certs/lumberjack.key"
  }
}
filter {
  grok {
    match => [ "message" , "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}? INFO %{NUMBER:pid} com.l7tech.log.custom.cartao: -4: %{GREEDYDATA:log_cartao}"]
  }
  mutate {
    update => { "message" => "%{[log_cartao]}"}
    remove_field => [ "log_cartao"]
    remove_field => [ "matched"]
  }
  json {source => "message"}
  mutate { "convert" => [ "elapsedTime" , "integer" ] }
  mutate { "convert" => [ "responseCode" , "integer" ] }
  mutate {remove_field => [ "message"]}
}
output {
  #stdout { codec => rubydebug }
  elasticsearch {
    hosts => ["https://server:9200"]
    index => "appcartao-%{+YYYY.MM.dd}"
    manage_template => true
    template_name => "appcartao"
    document_type => "doc"
    user => "elastic"
    password => "xxxxxxxx"
    ssl => true
    ssl_certificate_verification => true
    truststore => "/elasticsearch/elasticsearch/config/certs/elastic-certificate.keystore"
    truststore_password => xxxxxxxx
  }
}