How to set index template follow timestamp?

cucukaka · July 10, 2023, 10:30am

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
opensearch 2.7.0

Describe the issue:
for example. there are indexs

log-2023.07.08
log-2023.07.09
log-2023.07.10

today is 2023.07.10 and I put a log like this
{ “@timestamp”: 2023-07.08,
“type”:“firewall”}

I want to this log put “log-2023.07.08” index not today index

how to set index template???

now, I set just rollover that create index for 1day in index template

gaobinlong · July 11, 2023, 5:23am

Index template only affects creating new index, I think it cannot resolve your problem, but you can use ingest pipeline to redirect the write index to another, like this:

PUT _ingest/pipeline/redirect
{
  "processors": [
    {
      "set": {
        "field": "_index",
        "value": "log-{{{@timestamp}}}"
      }
    }
  ]
}

, set this pipeline when do bulking or set this pipeline as the default pipeline of the original write index:

POST original_write_index/_doc?pipeline=redirect
{
   "@timestamp": 2023-07.08,
   "type":"firewall"
}

Topic		Replies	Views
TimeStamp based index creation scope in Opensearch Data streams OpenSearch	1	218	April 18, 2024
Index rollover in opensearch using ISM with indexes using datemath OpenSearch index-management	4	119	October 17, 2024
Applied a new template to my indices, but new indices are created with the wrong shard/replica count OpenSearch troubleshoot	1	86	June 21, 2024
Ingestion pipelines for new indices created everyday Open Source Elasticsearch and Kibana configure	1	291	February 7, 2023
[Opensearch] Is it possible to create index with current date & apply policy to create rollover indices with current date format? Index Management configure	1	354	May 1, 2023

How to set index template follow timestamp?

Related topics