That seems all good but reading the documentation, it seems I have a issue with my indexes and its current policy
My current indexes seem to have a "default" policy assiged so to speak where there is only a hot phase designed. I would like switch all my current indexes so, like my new indexes, they get deleted after x days.
I seem to be confused because although I know I can assign a new ILM policy to current indexes, they dont get applied until they switch phase (which will never happen in this case)
That does look intresting (more so the wildcard character). Thanks.
All my indexes are named timebased (example: "winlogbeat-winsecurity-2021.05.20" ) I already have created my ILM policy that has a hot and a delete phase. I dont have a alias (as I dont understand the concept well, sorry) How can I get this work?
I just noticed that I left out a very important detail.
All my logs pass thru Logstash and it gets sent to Elasticsearch. So for example, in a Logstash configuration file I have, if I set it to use my new ILM policy, it seems to work.
But the other indexes? They dont seem to have it assigned.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.