Logstash elastic-search output

sanketsvnus · January 3, 2017, 7:13pm

We have below ELK pipeline out using logstash input/output features. We are following weekly rotation using below config

logstash->logstash-aggregator->kafka->elasticasearch

output {

elasticsearch {
codec => "json"
hosts => [ "xxx:9200", "xxx:9200", "xxxi:9200" ]
index => "logstash-%{+YYYY.ww}"
document_type => "logs"
}

}

With first week of January, it is sending logs to two different indexes instead of one
lotstash-2016.53
logstash-2017.01

We are at version logstash-2.0.0 for logstash elastic-2.0.0 for elastic search

magnusbaeck · January 3, 2017, 8:08pm

That's a bit surprising since 2016 only had 52 weeks according to ISO8601, but maybe Logstash uses another slightly different standard. In general it's expected that the first few days in January might count as week 53 of the previous year. This was the case in 2015 according to ISO8601.

system · January 31, 2017, 8:08pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.