Hey all, after I set up the index lifecycle management system in ELK stack, I can no longer see the nginx indexes generated in Kibana, can anyone point out what I might have done wrong?
My setting on filebeat:
setup.ilm.enabled: auto
setup.ilm.rollover_alias: "webaccess"
setup.ilm.pattern: "{now/d}-000001"
setup.ilm.policy_name: "mylogs_policy"
fields:
source_log: web_access
index_prefix: web_access
app: all
configs on elasticsearch:
{
"indices" : {
"web_access-000001" : {
"index" : "web_access-000001",
"managed" : true,
"policy" : "mylogs_policy",
"lifecycle_date_millis" : 1570305880145,
"phase" : "hot",
"phase_time_millis" : 1570305880598,
"action" : "rollover",
"action_time_millis" : 1570305884592,
"step" : "check-rollover-ready",
"step_time_millis" : 1570305884592,
"phase_execution" : {
"policy" : "mylogs_policy",
"phase_definition" : {
"min_age" : "0ms",
"actions" : {
"rollover" : {
"max_size" : "50gb"
}
}
},
"version" : 1,
"modified_date_in_millis" : 1569421269545
}
}
}
}
GET _aliases
"web_access-000001" : {
"aliases" : {
"webaccess" : {
"is_write_index" : true
}
}
}
GET _ilm/policy
"mylogs_policy" : {
"version" : 1,
"modified_date" : "2019-09-25T14:21:09.545Z",
"policy" : {
"phases" : {
"warm" : {
"min_age" : "1d",
"actions" : {
"forcemerge" : {
"max_num_segments" : 1
}
}
},
"cold" : {
"min_age" : "7d",
"actions" : {
"freeze" : { }
}
},
"hot" : {
"min_age" : "0ms",
"actions" : {
"rollover" : {
"max_size" : "50gb"
}
}
},
"delete" : {
"min_age" : "90d",
"actions" : {
"delete" : { }
}
}
}
}
}