Logs from ES 2.2.0 to ES 5.0.2 with Logstash with date of indexing?

lifesaver13 · December 19, 2016, 8:56am

Hello everyone,

I'm moving old logs of my ElasticSearch 2.2.0 to an higher version of ElasticSearch 5.0.2 using Logstash. I write the following configuration :

input
{
elasticsearch
{
hosts => ["localhost:9200"]
index => "old-logs*"
}
}

output
{
elasticsearch
{
hosts => ["localhost:9201"]
index => "old-logs..." # looking for index with the date of indexing #
}
stdout { codec => rubydebug }
}

The moving is working but I would like to know how I can move the logs by date of indexing?

for exemple I've got the index old-log-01-12-2015, old-log-02-12-2016, etc... in ES 2.2.0 I wouls like to have the same index in ES 5.0.2

Thank you

J.S

jakommo · December 20, 2016, 4:43pm

I think what you are looking for is the docinfo setting of the Elasticsearch input. This will include the metadata of the indices you are reading from, which you can then use in the output section to define the index the data is being written to.
The doc page linked above also has an example config for this.

About reindexing from one cluster into another, you don't need Logstash for this anymore, as the _reindex API got support for remote reindexing in 5.0. Also see this page.

lifesaver13 · December 21, 2016, 8:23am

Hello,

Thank you for your answer! It's working!

J.S

system · January 18, 2017, 8:23am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.