In the cluster that I am working on there are two main indexes, let's say indexA and indexB but these two indexes are indexed each day so normaly I have indexA-{+YYYY.MM.dd} and indexB-{+YYYY.MM.dd}.
What I want is to have one alias that gathers indexA-{+YYYY.MM.dd} and indexB-{+YYYY.MM.dd} together and named alias-{+YYYY.MM.dd}.
Does anyone know how to gather two indexes in one alias with logstash ?
Thank you in advance
As far as I know, there's no way to do it with logstash directly. You can do it from an external program using the elasticsearch API: http://www.elastic.co/guide/en/elasticsearch/reference/current/indices-aliases.html
For example:
curl -XPOST 'http://localhost:9200/_aliases' -d '
{
"actions" : [
{ "add" : { "index" : "indexA-2015.01.01", "alias" : "alias-2015.01.01" } },
{ "add" : { "index" : "indexB-2015.01.01", "alias" : "alias-2015.01.01" } }
]
}'
The other option (which doesn't meet your requirements of having it named alias-yyyy.mm.dd) is to use an index template that automatically adds an alias when the index is created.
See http://www.elastic.co/guide/en/elasticsearch/reference/current/indices-templates.html:
curl -XPUT localhost:9200/_template/add_alias_template -d '{
"template" : "index*",
"aliases" : {
"alias" : {}
}
}
}'
This will add the alias of alias to every index named index*.
You can then do all of your queries against alias. You can setup that alias in Kibana as an index and things will just work right.