
LS indexes

Posted: Mon Oct 19, 2020 4:41 am
by newmember
NLS uses a daily index currently.

I have multiple clients with individual PCI requirements.
Each client has 3 envs: Prod, Staging, and Dev.

Is this type of filtering supported by NLS?

Code:

    filter {
      # Pick the target index from the event's environment (log_type).
      # Each environment is matched by its own branch.
      if [log_type] == "staging" {
        mutate { add_field => { "[@metadata][target_index]" => "staging-%{+YYYY.MM}" } }
      } else if [log_type] == "prod" {
        mutate { add_field => { "[@metadata][target_index]" => "prod-%{+YYYY.MM.dd}" } }
      } else if [log_type] == "dev" {
        mutate { add_field => { "[@metadata][target_index]" => "dev-%{+YYYY.MM.dd}" } }
      }
    }
    output {
      elasticsearch {
        # [@metadata] fields are not stored with the event; this one only selects the index.
        index => "%{[@metadata][target_index]}"
      }
    }

Re: LS indexes

Posted: Mon Oct 19, 2020 4:22 pm
by cdienger
A filter like this can be put in place, but any sort of maintenance NLS does on indexes would no longer work since it is hardcoded to look for logstash-YYYY.MM.DD. Alerting would also no longer work for the same reason.

Dashboards would also need to be configured to use the new indexes.