Elasticsearch Monthly Moving Indexes

I use logstash to feed calendar indexes daily into elasticsearch, something like this

   output {
        elasticsearch {
                ....
                # dd = day of month in Joda-Time (DD would be day of year)
                index => "myindex-%{+YYYY.MM.dd}"
        }
   }

Now it turns out that I need to use monthly rolling indices, after viewing http://logstash.net/docs/1.4.1/outputs/elasticsearch.html#index

But I still feel embarrassed, so is the answer as simple as using myindex-%{+YYYY.MM} instead, and the index will roll at the end of each month?

Update: Here are examples of the “same” event (which has the same field _id) indexed on two different days

on day A, it is indexed

   {_id: 123, message: "old message"}

the next day B, it is indexed

   {_id: 123, message: "updated message"}

A B , 2 , . , B, _id A, B. , , _id , . , : , , ( ), , elasticsearch update _id ( , / , )


, , . , , , . , . . , .

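filter {
  # Set @timestamp from the event's own "timestamp" field
  date {
      match => ["timestamp" , "dd/MMM/yyyy:HH:mm:ss Z"]
  }
}
output {
  elasticsearch {
    protocol => "transport"
    host => "localhost:9300"
    cluster => "mycluster"
    # One index per month, named from the event's @timestamp
    index => "gridshore-logs-%{+YYYY.MM}"
  }
}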
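
Added example (not part of the original question or answer): a small Python model of how the `%{+...}` pattern picks the target index from the event's @timestamp, applied to the question's two events with `_id` 123. It assumes a repeated `_id` replaces a document only inside the same index; the dates and helper names are constructed for illustration.

```python
from datetime import datetime, timezone

# Subset of Joda-Time tokens used in Logstash "%{+...}" index names (assumed
# sufficient for this example): YYYY = year, MM = month, dd = day of month.
JODA_TO_STRFTIME = (("YYYY", "%Y"), ("MM", "%m"), ("dd", "%d"))


def render_index(pattern, timestamp):
    """Expand the %{+FORMAT} part of an index pattern from the event's @timestamp (UTC)."""
    start = pattern.index("%{+")
    end = pattern.index("}", start)
    fmt = pattern[start + 3:end]
    for joda, strf in JODA_TO_STRFTIME:
        fmt = fmt.replace(joda, strf)
    stamp = timestamp.astimezone(timezone.utc).strftime(fmt)
    return pattern[:start] + stamp + pattern[end + 1:]


def index_events(pattern, events):
    """Model a cluster as {index_name: {_id: doc}}; a repeated _id overwrites only within one index."""
    cluster = {}
    for ts, doc in events:
        cluster.setdefault(render_index(pattern, ts), {})[doc["_id"]] = doc
    return cluster


def copies_of(cluster, doc_id):
    """Names of the indices that hold a document with this _id."""
    return sorted(name for name, docs in cluster.items() if doc_id in docs)


def utc(y, m, d):
    """Noon UTC on the given date (constructed sample timestamps)."""
    return datetime(y, m, d, 12, 0, tzinfo=timezone.utc)


# Constructed sample events mirroring the question's update: same _id on day A and day B.
OLD = {"_id": 123, "message": "old message"}
NEW = {"_id": 123, "message": "updated message"}
SAME_MONTH = [(utc(2014, 6, 10), OLD), (utc(2014, 6, 11), NEW)]
MONTH_EDGE = [(utc(2014, 6, 30), OLD), (utc(2014, 7, 1), NEW)]

if __name__ == "__main__":
    for label, events in (("same month", SAME_MONTH), ("month boundary", MONTH_EDGE)):
        for pattern in ("myindex-%{+YYYY.MM.dd}", "myindex-%{+YYYY.MM}"):
            print(label, pattern, copies_of(index_events(pattern, events), 123))
```

With the monthly pattern the day-B event replaces the day-A document, except when the two days fall on either side of a month boundary, where both copies remain.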