Hello I have been working on some code to be able to rollover my syslogs so that it will continue to populate the Kibana. I am getting the following error in the Dev Tools
Illegal argument exception
rollover target is a [conrete index] but one of [alias, data_stream] was expected
status 400
What I have entered is the following
POST /syslog-YYYY.MM.dd/_rollover/syslog_2022
Where I have the actual date and not the YYYY.MM.dd in the command. When I run the command as
POST /syslog-YYYY.MM.dd/_rollover/syslog_2022
I receive a different error indicating that there is no such index.
What am I doing incorrectly to ensure that this will roll over and continue to gather and collect syslogs?
I do appreciate all of your Elastic Guru knowledge and support.
And it looks like you are using indexes and not a data streams. Is that correct ?
The key question is whether you're actually using aliases and rollovers? Or they're just being time-based indices?.
Did you set up a write alias?
If so You don't rollover the actual index, you POST rollover to the write alias, which knows the current index the alias is pointing to and then creates a new index and then points the alias to the new index
thank you for the reply. I am using 7.13.4 version of Elastic. Yes I am using indices over streams. I an going to go through the tutorials you have linked in your response.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.