Send alerts to elasticsearch index with YYYY-MM placeholder

alerting

(Matthew Field) #1

I am trying to send x pack watcher alerts to an index using YYYY-MM-dd placeholders similar to the way I do in logstash.

eg. my-index-2018-01-01 , my-index-2018-01-02 etc. as a function of todays date.

Something like this:

.....
 "index_payload": {
      "transform": {
        "script": "return [ 'clientId' : ctx.metadata.clientId ,'clientName':'Matts Testing Locations','docType':'watcher-alert','location_pg':'0,0']"
      },
      "index": {
        "index": "my-index-{{YYYY-MM-DD}}",
        "doc_type": "doc",
        "execution_time_field": "execution_time"
      }

But I can't find the right place holder format to use.
Thanks for any help!


(Alexander Reelsen) #2

See this link https://www.elastic.co/guide/en/elasticsearch/reference/6.2/date-math-index-names.html


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.