I am pushing logstash output to ES and creating indices based on date and doc.
I tried deleting one of today's index from ES using XDELETE and it got deleted. But it is getting recreated and all of today's data is also getting loaded.
I was expecting it to stream only the logs created after the deletion of index.
Am I missing something here? Any help is appreciated.
What does your Logstash configuration look like?
The issue got resolved. Logstash was trying to process grok on a log entry which was pretty big and the CPU usage was also very high.
Once we removed that log line, everything started working fine. The deleted indices are not getting recreated.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.