New to it all. Would like a rotating 7 indexes from logstash to Elastisearch

runatyr · April 14, 2017, 5:29pm

Hello:
First off... Wow... These products are amazing!

I have a single logstash source and a single elasticsearch/kibana source set up. All on the same server.
(Yes Still learning it all )

I would like to have my logstash and elasticsearch configuration set up so I create a new index every day and
keep only the 7 most recent indices in elasticsearch.

Do I accomplish this by modifying elasticsearch and logstash both?
What is a simple automated solution

Any help is greatly appreciated

-Runatyr

my logstash conf file below

input {
file {
path => "/var/log/logfile.log"
start_position => "beginning"
}
}

output {
elasticsearch {
hosts => ["localhost:9200"]
}
stdout { codec => rubydebug }
}

Christian_Dahlqvist · April 16, 2017, 10:49am

Logstash by default creates a new index every day, so that should already happen. In order to delete indices that are older than 7 days, you can use Curator.

runatyr · April 25, 2017, 5:47pm

Many thanks!

system · May 23, 2017, 6:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.