Hi,
Is there in any way i can create an index from logstash output and segregate the index based on 2 hours index ?
%{+yyyy.mm.dd.hh} will create the data in every hour...what i need is in every 2 hour..
Why do you want to do this? Do you have an extremely high ingest rate or a very short retention period? This kind of scheme can easily result in very large number of indices and shards which can be very inefficient. That said I do not think there is any built in support for this so you may need to calculate the hour in the config and add it separately to the index pattern.