Logs from ES 2.2.0 to ES 5.0.2 with Logstash with date of indexing?

lifesaver13 · December 19, 2016, 8:56am

Hello everyone,

I'm moving old logs of my ElasticSearch 2.2.0 to an higher version of ElasticSearch 5.0.2 using Logstash. I write the following configuration :

input
{
elasticsearch
{
hosts => ["localhost:9200"]
index => "old-logs*"
}
}

output
{
elasticsearch
{
hosts => ["localhost:9201"]
index => "old-logs..." # looking for index with the date of indexing #
}
stdout { codec => rubydebug }
}

The moving is working but I would like to know how I can move the logs by date of indexing?

for exemple I've got the index old-log-01-12-2015, old-log-02-12-2016, etc... in ES 2.2.0 I wouls like to have the same index in ES 5.0.2

Thank you

J.S

jakommo · December 20, 2016, 4:43pm

I think what you are looking for is the docinfo setting of the Elasticsearch input. This will include the metadata of the indices you are reading from, which you can then use in the output section to define the index the data is being written to.
The doc page linked above also has an example config for this.

About reindexing from one cluster into another, you don't need Logstash for this anymore, as the _reindex API got support for remote reindexing in 5.0. Also see this page.

lifesaver13 · December 21, 2016, 8:23am

Hello,

Thank you for your answer! It's working!

J.S

Topic		Replies	Views
Output logs with date of indexing Logstash Logstash	1	567	January 11, 2017
Elasticsearch reindex using logstash Logstash	5	5871	April 15, 2017
Logstash config - elasticsearch to elasticsearch Logstash	4	593	December 19, 2017
Will older logstash forward to newer elasticsearch? Logstash	2	546	July 27, 2017
Logstash logs to "logstash" index instead of "logstash-<date>" after update Elasticsearch	2	352	September 30, 2019

Logs from ES 2.2.0 to ES 5.0.2 with Logstash with date of indexing?

Related topics