I'm working on fixing our onsite elasticsearch 7.17.9 cluster.
I've got a small 3 node cluster capturing our production data. Right now all of the logs get loaded into a single index that I use cron and curator to manually delete once it gets too large (this used to be about once per month.) This works fine on our old test platform (different hardware running old version) and new indexes get built as log data hits elasticsearch.
But on the production cluster running 7.17.9 a new index is not automatically created when new logs/data come in after the index gets deleted. I have to manually create the index using Dev Tools.
I am working to get the developers to accept a change to the index and set up multiple indexes that start and stop at predefined times where I will be able to use ILM properly - but in the meantime, what do I need to have set up in order for the index to respawn on its own if I or curator delete it?
Thanks in advance!