New index not created

teamg · March 20, 2019, 7:07pm

I want two of my hosts to write to a different index. Based on the articles I've read on here this output statement in /etc/logstash/conf.d/input.conf should create a new index when it finds these two hosts....but it's not. Kibana only shows the filebeat-* but these two hosts are no longer appearing in Discover. Where is the data going? I don't see any errors on start up. Do I need to define the new index somewhere before the below statement will work?

output {
if [host.name] in ["lab4a", "lab4b"] {
elasticsearch {
index => "lab4-%{+YYYY.MM.dd}"
}
}
}

Badger · March 20, 2019, 7:23pm

That should be if [host][name] ...

teamg · March 20, 2019, 7:36pm

Yes, that's what I was missing. Thanks @Badger

system · April 17, 2019, 7:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
New index is not created Elasticsearch	7	4955	February 14, 2020
Logstash is not creating new index in elastic cloud Logstash	19	2615	November 9, 2017
Unable to create index Kibana	13	7607	May 5, 2017
Index creating through logstash and show on kibana index pattern Elasticsearch	6	221	September 19, 2023
Kibana is not creating Index even the index is present in Elasticsearch Kibana	7	4651	November 21, 2017

New index not created

Related topics