Hello,
I have logs pushed from fluent bit into OpenSearch. What I want is to be able to delete logs that are older than x days. The approach I’m following is to do a rollover after a certain amount of time and then delete the rolled over index. My index is called ‘app-logs’.
My policy:
{
"id": "app-logs-policy",
"seqNo": 5729,
"primaryTerm": 40,
"policy": {
"policy_id": "app-logs-policy",
"description": "Managing logs for apps",
"last_updated_time": 1640028156384,
"schema_version": 11,
"error_notification": null,
"default_state": "current_write_index",
"states": [
{
"name": "current_write_index",
"actions": [
{
"rollover": {
"min_index_age": "1h"
}
}
],
"transitions": [
{
"state_name": "delete"
}
]
},
{
"name": "delete",
"actions": [
{
"delete": {}
}
],
"transitions": []
}
],
"ism_template": [
{
"index_patterns": [
"app-logs*"
],
"priority": 0,
"last_updated_time": 1636389899479
}
]
}
}
My template:
{
"app-logs-template": {
"order": 0,
"index_patterns": [
"app-logs*"
],
"settings": {
"index": {
"opendistro": {
"index_state_management": {
"rollover_alias": "app-logs"
}
}
}
},
"mappings": {},
"aliases": {}
}
}
The error:
{
"message": "Missing alias or not the write index when rollover [index=app-logs]"
}
Is there anything else I need to configure?
Thanks