Hello,
We are currently using ELK to centralize every log of our system. There are lots of elements and everything is retrieved through Logstash with one big config file.
Each element has the same structure:
else if [type] == "hipayprod" {
  elasticsearch {
    hosts => [ "localhost:9200" ]
    index => "{type}-%{+YYYY.MM.dd}"
    ilm_enabled => true
    ilm_rollover_alias => "hipayprod-"
    ilm_pattern => "000001"
    ilm_policy => "natdecpolicy"
  }
}
Here, you can see that the index.lifecycle.rollover_alias is "hipayprod-" with a dash at the end. However, the old alias was only "hipayprod" without the dash.
My issue is that some indices don't update and some do.
This is one of my indices in Kibana:
{
  "index.blocks.read_only_allow_delete": "false",
  "index.query.default_field": [
    "*"
  ],
  "index.write.wait_for_active_shards": "1",
  "index.lifecycle.name": "natdecpolicy",
  "index.lifecycle.rollover_alias": "front1",
  "index.refresh_interval": "5s",
  "index.priority": "100",
  "index.number_of_replicas": "1"
}
As you can see, the index.lifecycle.rollover_alias is "front1" without the dash. This means that it doesn't roll over.
If I manually update the index in Kibana, it will roll over but then it will go back to the wrong alias. Restarting Logstash doesn't work.
What is weird to me is that every index is configured the same way and some are working properly and some aren't.