Watcher: how to dynamically calculate indices

eeivin · April 28, 2016, 8:36pm

Is there a way to use scripts/template to calculated indices dynamically, to achieve the following?
"indices" : [ "logstash-2016.{{Calendar.getInstance().MONTH}}.{{Calendar.getInstance().DAY_OF_MONTH}}

Here is some background
o A watcher is used to monitor application logs for critical errors
o A new index is created daily (older index indexes are periodically deleted). Indexes are named as follows: logstash-YYYY-MM.DD
o The watcher is configured to run every 15 min and to search for critical errors that occurred in the last 15 min "range": {"@timestamp": {"gt": "now-15m"}
o Currently the indices for the watcher are specified using wildcard as follows: "indices" : [ "logstash-2016.." ]

Thank you for your help,
Eric

skearns · April 28, 2016, 8:53pm

Hi Eric,

When using Watcher to query Elasticsearch, you should be able to use index name date math.

Fun fact: that feature was originally developed for Watcher

Thanks,
Steve

eeivin · April 29, 2016, 4:14pm

That is exactly what I was looking for.

Thank you for your help,
Eric

Topic		Replies	Views
Can I dynamically specify indices to search? Elasticsearch elastic-stack-alerting	3	662	January 12, 2017
Dynamic date passing in indices in watcher Elasticsearch elastic-stack-alerting	7	1537	December 21, 2016
Watcher action - Dynamic index creation Elasticsearch elastic-stack-alerting	4	1428	November 1, 2017
WatcherのIndex Actionで、Index名を可変にする方法がないか Elasticsearch elastic-stack-alerting	5	1114	July 2, 2019
Watcher: dynamic index name does not work Elasticsearch elastic-stack-alerting	7	1718	June 28, 2017

Watcher: how to dynamically calculate indices

Related topics