How to set index template follow timestamp?

cucukaka · July 10, 2023, 10:30am

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
opensearch 2.7.0

Describe the issue:
for example. there are indexs

log-2023.07.08
log-2023.07.09
log-2023.07.10

today is 2023.07.10 and I put a log like this
{ “@timestamp”: 2023-07.08,
“type”:“firewall”}

I want to this log put “log-2023.07.08” index not today index

how to set index template???

now, I set just rollover that create index for 1day in index template

gaobinlong · July 11, 2023, 5:23am

Index template only affects creating new index, I think it cannot resolve your problem, but you can use ingest pipeline to redirect the write index to another, like this:

PUT _ingest/pipeline/redirect
{
  "processors": [
    {
      "set": {
        "field": "_index",
        "value": "log-{{{@timestamp}}}"
      }
    }
  ]
}

, set this pipeline when do bulking or set this pipeline as the default pipeline of the original write index:

POST original_write_index/_doc?pipeline=redirect
{
   "@timestamp": 2023-07.08,
   "type":"firewall"
}

Topic		Replies	Views
Backing index name with date OpenSearch	2	286	March 8, 2023
[Opensearch] Is it possible to create index with current date & apply policy to create rollover indices with current date format? Index Management configure	1	281	May 1, 2023
OpenSearch Index policy with log rotation OpenSearch configure , index-management	7	1947	September 13, 2023
Help needed for creating a template for merging & deleting old indices Index Management	3	2265	August 29, 2020
How to schedule indexing a document in a specific datetime? OpenSearch	4	147	May 31, 2023

How to set index template follow timestamp?

Related Topics