Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Version 2.3 on AWS
Describe the issue:
We setup the following policy for ILM + index_template and the rollover happens, however, the new rolled over index never goes into write state so we are unable to index any new docs
Configuration:
{
“id”: “auditlogspolicy”,
“seqNo”: 332,
“primaryTerm”: 1,
“policy”: {
“policy_id”: “auditlogspolicy”,
“description”: “Audit logs policy for index management”,
“last_updated_time”: 1669262154664,
“schema_version”: 14,
“error_notification”: null,
“default_state”: “init”,
“states”: [
{
“name”: “init”,
“actions”: [
{
“retry”: {
“count”: 3,
“backoff”: “exponential”,
“delay”: “1m”
},
“read_write”: {}
}
],
“transitions”: [
{
“state_name”: “hot”
}
]
},
{
“name”: “hot”,
“actions”: [
{
“retry”: {
“count”: 3,
“backoff”: “exponential”,
“delay”: “1m”
},
“read_write”: {}
},
{
“retry”: {
“count”: 3,
“backoff”: “exponential”,
“delay”: “1m”
},
“rollover”: {
“min_doc_count”: 3,
“min_index_age”: “30d”
}
}
],
“transitions”: [
{
“state_name”: “warm”,
“conditions”: {
“min_doc_count”: 1
}
}
]
},
{
“name”: “warm”,
“actions”: [
{
“timeout”: “1h”,
“retry”: {
“count”: 10,
“backoff”: “exponential”,
“delay”: “20m”
},
“read_only”: {}
},
{
“retry”: {
“count”: 3,
“backoff”: “exponential”,
“delay”: “1m”
},
“index_priority”: {
“priority”: 100
}
},
{
“timeout”: “1h”,
“retry”: {
“count”: 10,
“backoff”: “exponential”,
“delay”: “30m”
},
“force_merge”: {
“max_num_segments”: 1
}
},
{
“timeout”: “1h”,
“retry”: {
“count”: 10,
“backoff”: “exponential”,
“delay”: “45m”
},
“replica_count”: {
“number_of_replicas”: 1
}
}
],
“transitions”: [
{
“state_name”: “cold”,
“conditions”: {
“min_index_age”: “90d”
}
}
]
},
{
“name”: “cold”,
“actions”: [
{
“retry”: {
“count”: 3,
“backoff”: “exponential”,
“delay”: “1m”
},
“index_priority”: {
“priority”: 50
}
},
{
“retry”: {
“count”: 3,
“backoff”: “exponential”,
“delay”: “1m”
},
“replica_count”: {
“number_of_replicas”: 0
}
}
],
“transitions”: [
{
“state_name”: “frozen”,
“conditions”: {
“min_index_age”: “365d”
}
}
]
},
{
“name”: “frozen”,
“actions”: [
{
“retry”: {
“count”: 3,
“backoff”: “exponential”,
“delay”: “1m”
},
“close”: {}
}
],
“transitions”:
}
],
“ism_template”: [
{
“index_patterns”: [
“audit-logs*”
],
“priority”: 100,
“last_updated_time”: 1669167815966
}
]
}
}
Index Component Templates
Mapping:
{
“name”: “auditlogscomponentmappingtemplate”,
“body”: {
“template”: {
“mappings”: {
“properties”: {
“timestamp”: {
“type”: “date”,
“format”: “date_optional_time||epoch_millis”
},
“OrgID”: {
“type”: “keyword”
}
}
}
},
“_meta”: {
“description”: “Mappings for @timestamp and policy settings”,
},
}
}
Settings:
{
“name”: “auditlogscomponentsettingstemplate”,
“body”: {
“template”: {
“settings”: {
“codec”: “best_compression”,
“refresh_interval”: “30s”,
“number_of_shards”: 5,
“number_of_replicas”: 2,
“index”: {
“mapping”: {
“ignore_malformed”: true,
},
“plugins.index_state_management.rollover_alias”: “anima-audit-logs”
}
}
},
“_meta”: {
“description”: “Settings for ILM hot index”,
}
}
}
Index Template
{
“name”: “auditlogstemplate”,
“body”: {
“index_patterns”: [
‘audit-logs*’,
],
“data_stream”: {
“timestamp_field”: {
“name”: “timestamp”
}
},
“priority”: 200,
“template”: {
“aliases”: {
“anima-audit-logs”: {}
},
},
“composed_of”: [
“auditlogscomponentmappingtemplate”,
“auditlogscomponentsettingstemplate”
],
“version”: 1,
“_meta”: {
“description”: “Audit logs Index template”
}
}
}
I am unable to figure out why the index write is set to false, although the init ILM state changes it to read_write