Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

multiple indexes per day possible?

https://support.nagios.com/forum/viewtopic.php?t=38650

Page 1 of 1

multiple indexes per day possible?

Posted: Tue May 31, 2016 3:45 am
by _asp_
Hi,

during developement of logstash configuration and grok parsing, sometimes it is necessary for us to delete indexes to input the data again. Especially it is needed if we had some mistakes in type parsing.

Since we have multiple developement streams (developing on multiple logs in parallel) it would be nice if it is possible to create multiple indexes and to tell logstash to put the data into a custom index container. Routing may be of a field which is set during the processing of the message.
Doing so would also enable us to have different retention times for different logs.

How can this be done?

Regards, Andreas

Re: multiple indexes per day possible?

Posted: Tue May 31, 2016 9:26 am
by hsmith
Right now we don't have a way to separate what logs go in to which index. This is something that may be coming along as a feature in a major release - but at the moment we use a daily index.

Re: multiple indexes per day possible?

Posted: Mon Aug 29, 2016 6:15 pm
by paylocity
Just wanted to chime in on this - my users are clamoring for this exact feature.

+1 on getting this into the next major release, if at all possible!

Re: multiple indexes per day possible?

Posted: Tue Aug 30, 2016 9:47 am
by rkennedy
I filed a feature request for this, #9424. I think it would be really useful, not only for deleting, but also for user granularity.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited