Rename index in Elasticsearch

smerzlyakov · July 12, 2019, 8:18am

Hello.

Why it is not possible to do in Kibana? You can delete index, but cannot rename. Will you plan to add this feature?
How to rename index in Elasticsearch easilly?

harshbajaj16 · July 12, 2019, 9:55am

I would like to tell you that there is no such process to rename the index in elasticsearch. However if you want to rename you need to reindex the same with new name and for reindex you can use reindex API in elasticsearch.

Please find the reference link for reindex API.
https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-reindex.html

Regards,
Harsh Bajaj

dadoonet · July 12, 2019, 10:12am

How to rename index in Elasticsearch easilly?

Use an index alias. It's not a "rename" as per say but can probably help without needing to reindex.

smerzlyakov · July 12, 2019, 10:12am

Thank you, Harsh.
And when i need to rename multiple indexes for this mask, for example:
filebeat-%{+YYYY.MM.dd}
And want to do it for two mounth, how must i construct the query?
POST _reindex
{
"source": {
"index": "filebeat-2019-mm.dd"
},
"dest": {
"index": "filebeat_new-2019-mm.dd"
}
}

smerzlyakov · July 12, 2019, 10:17am

Thank you David, but i need to rename it. I want to use previous name for different purpose and it is hard to support future renaming with aliases, i think.
My case with Elastic is SIEM-like.
First you get all logs in raw format to ELK. And name it once.
Than you try to normalise them with ECS.
And you do it multiple times. You do mistakes in naming, go to some standart for your organisation.
I think ELK really need the feature with renaming.

dadoonet · July 12, 2019, 10:26am

I'd read this: https://www.elastic.co/fr/blog/migrating-to-elastic-common-schema-in-beats-environments

harshbajaj16 · July 12, 2019, 10:50am

Hi @smerzlyakov,

I didn't understand your requirement. Could you clear bit more about your use case?

Regards,
Harsh Bajaj

smerzlyakov · July 12, 2019, 11:13am

Hi @harshbajaj16,

Just what command it must be to (rename) reindex multiple indexes at once?

harshbajaj16 · July 12, 2019, 11:28am

Hi @smerzlyakov,

I don't think so that you can do reindex multiple index in one go.

Regards,
Harsh Bajaj

smerzlyakov · July 19, 2019, 9:12am

Hi @Harsh,
It is defenetly possible to rename multiple indexes in one go. For example multiple to one (doc):

POST _reindex
{
  "source": {
    "index": ["twitter", "blog"]
  },
  "dest": {
    "index": "all_together"
  }
}

But i cant find example for reindexing multiple to multiple. Like [index1,index2] to [new_index1, new_index2]

harshbajaj16 · July 22, 2019, 4:36am

Hi @smerzlyakov,

I was talking about this scenario only.

Yes, it is possible to insert new documents while reindexing your index as you shown above. However, Like [index1,index2] to [new_index1, new_index2]not possible.

Regards,
Harsh Bajaj

system · August 19, 2019, 4:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.