Stop logstash from automatically creating an index on elastic

Elie_Sbat · June 7, 2022, 11:16am

Hello,

Is there a way to stop logstash from automatically creating an index in Elasticsearch. even if the conf file does not contain any configuration regarding the index.

Logstash logs:

logstash    | [WARN ] 2022-06-07 09:21:17.045 [[main]>worker6] elasticsearch - Could not index event to Elasticsearch. {:status=>400, :action=>["create", {:_id=>nil, :_index=>"logs-cisco_asa.log", :routing=>nil},

The index now is closed because I cannot delete it:

Logstash conf file


Output {
  else if [type] == "syslog" {

        elasticsearch {
                 hosts => ["https://X.X.X.X:9200","https://X.X.X.X:9200","https://X.X.X.X:9200"]
                 cacert => 'XXXXXXX’
                 user => "XXX"
                 password => “xxxx"
                 data_stream => true
                 data_stream_type => "logs"
                 data_stream_dataset => "asa"
                 data_stream_namespace => "prod"
        }
  }
}

Elie_Sbat · June 7, 2022, 11:19am

the logs-cisco_asa.log index is automatically being created even if after the output configuration is changed.

the purpose was to move syslog from legacy index to datastream.

Topic		Replies	Views
Logstash won't create ES indexes (but will store data) Logstash	3	434	January 13, 2017
Logstash does not create index in es Logstash	5	1541	November 13, 2017
Logstash does not creates nor updates index on elasticsearch Logstash	6	309	May 1, 2023
Logstash not create index in Elasticsearch Logstash	4	564	October 19, 2023
Logstash does not create index on elasticsearch Logstash	5	7905	September 2, 2020

Stop logstash from automatically creating an index on elastic

Related topics