Hi,
Is there in any way i can create an index from logstash output and segregate the index based on 2 hours index ?
%{+yyyy.mm.dd.hh} will create the data in every hour...what i need is in every 2 hour..
1 Like
Why do you want to do this? Do you have an extremely high ingest rate or a very short retention period? This kind of scheme can easily result in very large number of indices and shards which can be very inefficient. That said I do not think there is any built in support for this so you may need to calculate the hour in the config and add it separately to the index pattern.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.