Create one index for host. How can I do it?
Posted: Sun Oct 25, 2020 10:19 pm
I would like to create one index, like logstash-IP-date, how can I do it?
I would advise against this for the reasons mentioned in https://support.nagios.com/forum/viewto ... 16&t=60470, but it is possible with an elasticsearch output and the index option "index => "logstash-%{host}-%{+YYYY.MM.dd}".
See https://www.elastic.co/guide/en/logstas ... arch-index for details. I'd also recommend sending these indexes to another server running elasticsearch if you go this route - you can't disable the default option that writes to logstash-%{+YYYY.MM.dd} so if you add another output like this you would be doubling the data stored on the NLS machine.