Separate index per application or name space

maxozerov · August 7, 2019, 4:43pm

Hello, Raju!
This separation is similar made (with example) and discussed here.
Or Elastic Doc example:

output.elasticsearch:
  hosts: ["http://localhost:9200"]
  indices:
    - index: "warning-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        message: "WARN"
    - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        message: "ERR"

So, need conditions
Approximate my copy-paste:

 indices:
    - index: 'filebeat-{{ .Values.elasticsearch.indexSuffix}}-%{[data.kubernetes.labels.app]}-%{+yyyy.MM.dd}' 
      when:
        or:
          - equals:
              data.kubernetes.labels.app: 'cool bro'

Topic		Replies	Views
Filebeat is not creating indices for each pod name Beats elastic-stack-alerting , filebeat	4	100	July 8, 2024
Separate indexes for each kubernetes namespace Logstash	10	9283	April 1, 2019
Add multiple index per kubernetes metadata for filebeat Beats filebeat	1	359	December 25, 2023
Configure output Index name with kubernetes metadata field Beats filebeat	3	1460	July 19, 2018
Filebeat setup on Kubernetes cluster - Split index output by namespace Beats docker , filebeat	1	118	April 24, 2024

Separate index per application or name space

Related Topics