Logs from ES 2.2.0 to ES 5.0.2 with Logstash with date of indexing?

lifesaver13 · December 19, 2016, 8:56am

Hello everyone,

I'm moving old logs of my ElasticSearch 2.2.0 to an higher version of ElasticSearch 5.0.2 using Logstash. I write the following configuration :

input
{
elasticsearch
{
hosts => ["localhost:9200"]
index => "old-logs*"
}
}

output
{
elasticsearch
{
hosts => ["localhost:9201"]
index => "old-logs..." # looking for index with the date of indexing #
}
stdout { codec => rubydebug }
}

The moving is working but I would like to know how I can move the logs by date of indexing?

for exemple I've got the index old-log-01-12-2015, old-log-02-12-2016, etc... in ES 2.2.0 I wouls like to have the same index in ES 5.0.2

Thank you

J.S

jakommo · December 20, 2016, 4:43pm

I think what you are looking for is the docinfo setting of the Elasticsearch input. This will include the metadata of the indices you are reading from, which you can then use in the output section to define the index the data is being written to.
The doc page linked above also has an example config for this.

About reindexing from one cluster into another, you don't need Logstash for this anymore, as the _reindex API got support for remote reindexing in 5.0. Also see this page.

lifesaver13 · December 21, 2016, 8:23am

Hello,

Thank you for your answer! It's working!

J.S

system · January 18, 2017, 8:23am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Output logs with date of indexing Logstash Logstash	1	551	January 11, 2017
Reindexing with logstash Logstash	2	888	December 20, 2016
Reindex data on old ES version using Logstash Logstash	6	257	June 10, 2021
Forward logs to a new instance of Elasticsearch Elasticsearch	4	2722	June 19, 2019
Dumping last years log data into ES - what do I do about indexing? Elasticsearch	2	430	July 6, 2017

Logs from ES 2.2.0 to ES 5.0.2 with Logstash with date of indexing?

Related topics