I can understand that its possible to preindex a field during index creation as mentioned in the following page :
https://www.elastic.co/guide/en/elasticsearch/reference/master/index-modules-index-sorting.html
In my case I am creating index automatically every day by using date as one parameter. So how do I sort one field in an index which is created automatically by the already configured logstash output file ?
Logstash config :
output {
if [filteredValues] {
file {
path => "/etc/logstash/output.json"
codec => line { format => "CI-ID : %{filteredValues}"}
write_behavior => overwrite
}
}
if "lastFailedBuild" in [source] {
elasticsearch {
hosts => ["xxxxxxxxxxxxx:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}-failurelogs"
document_type => "%{[@metadata][type]}"
}
}else if "lastUnsuccessfulBuild" in [source] {
elasticsearch {
hosts => ["xxxxxxxxxx:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}-failurelogs"
document_type => "%{[@metadata][type]}"
}
}else {
elasticsearch {
hosts => ["xxxxxxxxxxxxxxxxx:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}-successlogs"
document_type => "%{[@metadata][type]}"
}
}
Thanks in advance.