Logstash not creating multiple index

shubham_gour · September 10, 2020, 8:14pm

i have this code use in conf file of logstash

input {
beats{
port => 5044
}
}
filter {
grok{
match => { "message" => "%{INT:Event_Date} %{MONTH:Event_Month} %{YEAR:Event_Year} | %{TIME:SFS_Event_Time},%{INT:LOG_NUMB} | %{LOGLEVEL:log-level} | %{DATA:Pool_Thread} | %{DATA:Extension} | | {lib}: { Zone: %{DATA:Zone} } ELK_SYNC_LOG Count: %{INT:Count} UserCount: %{INT:User-Count}" }
}
mutate{
convert => { "User-Count" => "integer" }
}
}

output {
elasticsearch {
hosts => ["http://localhost:1311"]
index => "logstash-%{+yyyy.MM.dd}"

My kibana shows only one index logstash* the index is not been created on daily basis due to this my data for logs stored in single file need only last 45 days data i want to delete rest

Badger · September 10, 2020, 9:20pm

Set ilm_enabled to false.

shubham_gour · September 10, 2020, 9:22pm

can you please tell what will it do as i commented this line already in my conf file

Badger · September 10, 2020, 9:23pm

I gave you a link to the documentation so that you can read about Index Lifecycle Management.

shubham_gour · September 10, 2020, 9:24pm

Thanks it would be helpful

system · October 8, 2020, 9:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.