Hi,
Haven't been using ELK too long and I just can't understand why logstash
always creates a new index with the default name "logstash-xxxx.xx.xx" and
totally ignores my config. I have tried to tell:
index => "api-%{+YYYY.MM.dd}"
... or just "api" or anything, but it always creates the index with the
default name. Why? I would like to get a situation where logstash creates a
daily index like now but with the name "api-xxx.xx.xx" and not the default.
What am I missing?
Thanks very many.
Config:

cat input_syslog.conf
input {
  syslog {
    port => 514
    type => "syslog"
  }
}

cat /output_elasticsearch.conf
output {
  elasticsearch_http {
    host => "localhost"
    index => "api-%{+YYYY.MM.dd}"
    manage_template => false
    template_overwrite => true
  }
}

I have created a template "apitemplate_1" and elastic is using it: every
time logstash creates a daily index, there are 3 shards and 2 replicas, so at
least somehow my template is in use:
{
  "template" : "",
  "settings" : {
    "index.refresh_interval" : "5s",
    "number_of_shards" : 3,
    "number_of_replicas" : 2
  },
  "mappings" : {
    "default" : {
      "_all" : {"enabled" : true},
      "dynamic_templates" : [ {
        "string_fields" : {
          "match" : "",
          "match_mapping_type" : "string",
          "mapping" : {
            "type" : "string", "index" : "analyzed", "omit_norms" : true,
            "fields" : {
              "raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256}
            }
          }
        }
      } ],
      "properties" : {
        "@version": { "type": "string", "index": "not_analyzed" },
        "geoip" : {
          "type" : "object",
          "dynamic": true,
          "path": "full",
          "properties" : {
            "location" : { "type" : "geo_point" }
          }
        }
      }
    }
  }
}