Logstash does not create logstash-* indices in ES

ehsank777 · September 9, 2019, 11:07am

Hi,
Since we upgraded ELK to the version 7.2 , we faced a problem. logstash is creating indices with other names except logstash-yyyy.mm.dd format . In other words within logstash.conf we have

output {
    if "foo" in [tags] {
            elasticsearch { index => "foo-%{+YYYY.MM.dd}" }
    } else if "bar" in [tags] {
            elasticsearch { index => "bar-%{+YYYY.MM.dd}" }
    } else {
            elasticsearch { }
    }

it means if neither of "foo" or "bar" in tags, logs should be created under default indexing name, logstash-* but they don't. For example , from old logstash we have logstash-2019.09.05 in ES but after update on 2019.09.06 , we have nothing. I already tried deleting logstash template with
curl -XDELETE http://localhost:9200/_template/logstash
but it did not work.

system · October 7, 2019, 11:07am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
New index is not created Elasticsearch	7	4925	February 14, 2020
Date stamp in index name is being ignored Logstash	3	447	January 16, 2020
Indices names missing timestamp Logstash	4	565	December 19, 2019
Index name not recognize +YYYY.MM.dd some times Logstash ilm-index-lifecycle-management	2	422	April 16, 2020
For ELK,sometimes Logstash says “no such index”, how to set automatic create index in ES while “no such index”? Logstash	4	1268	July 6, 2017

Logstash does not create logstash-* indices in ES

Related Topics