Hi,
I am looking for help in rollover indexes using ILM policy on existing indexes.
I have created one policy with below parameters
{
"rollup-policy" : {
"version" : 1,
"modified_date" : "2020-07-09T10:48:54.921Z",
"policy" : {
"phases" : {
"hot" : {
"min_age" : "0ms",
"actions" : {
"rollover" : {
"max_size" : "5kb",
"max_age" : "15m"
},
"set_priority" : {
"priority" : 100
}
}
},
"delete" : {
"min_age" : "1d",
"actions" : {
"delete" : {
"delete_searchable_snapshot" : true
}
}
}
}
}
}
}
and attached it index template which I created earlier having below settings:-
{
"field-log-type_template" : {
"order" : 7,
"version" : 1,
"index_patterns" : [
"fields.log_type"
],
"settings" : {
"index" : {
"lifecycle" : {
"name" : "rollup_policy",
"rollover_alias" : "fields.log_type-roll-00001"
},
"number_of_shards" : "1",
"number_of_replicas" : "1"
}
},
"mappings" : {
"_meta" : { },
"_source" : { },
"properties" : { }
},
"aliases" : { }
}
}
I am running filebeat on nodes and have setup template named as defined above with pattern below
output.elasticsearch:
Array of hosts to connect to.
hosts: ["10.242.6.69:9200"]
index: "%{[fields.log_type]}"
setup.template:
name: "field-log-type_template"
pattern: "fields.log_type"
setup.ilm.enabled: false
Also log defined in filebeat.yml as below
- type: log
enabled: true
paths:- /var/log/elasticsearch/elasticsearch.log
fields:
log_type: elk-logs
- /var/log/elasticsearch/elasticsearch.log
So we want to rollover all indexes with alias fields.log_type-roll-00001
Now Index are creating with defined pattern but rollover didn't happen as per policy.
Can somebody help me in this.