Description
Hi, I know I opened a ticket before, but I still need help. I can't get it to work.
I am trying to configure my index like this to get the index name with the date and time, including minutes.
Today it looks like this: "enriched_netflow-2024.08.20"
I need it like this: "enriched_netflow-2024.08.20-HH-mm"
This doesn't work:
output {
  elasticsearch {
    host => 0.0.0.0
    port => 9200
    bulk_limit => 1000
    bulk_timeout => 100
    pipeline => imei-pipeline
    index_prefix => "netflow-%{+YYYY-MM-dd.HH.mm}"
    data_type => netflow
  }
}
I tried to run the DEBUG, and it looks like everything is OK, but I still don't receive any docs in my index.
It works for me only like this:
output {
  elasticsearch {
    host => 0.0.0.0
    port => 9200
    bulk_limit => 1000
    bulk_timeout => 100
    pipeline => imei-pipeline
    index_prefix => netflow
    data_type => netflow
  }
}
I also tried this config, which didn't work:
output {
  elasticsearch {
    host => 0.0.0.0
    port => 9200
    bulk_limit => 1000
    bulk_timeout => 100
    pipeline => imei-pipeline
    index => netflow-%{+YYYY-MM-dd.HH.mm} ---> logstash syntax
    data_type => netflow
  }
}
And I tried this, as you suggested, which didn't work:
output {
  elasticsearch {
    host => 0.0.0.0
    port => 9200
    bulk_limit => 1000
    bulk_timeout => 100
    pipeline => imei-pipeline
    index => 'netflow-#{now:YYYY-MM-dd.HH.mm}'
    data_type => netflow
  }
}
I can't get it with hours and minutes in the index name.
I would like to have your opinion again.