You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@senssoft.apache.org by "Michelle Beard (JIRA)" <ji...@apache.org> on 2018/05/18 14:58:00 UTC

[jira] [Created] (SENSSOFT-302) Create time-series index patter for UserALE in Elasticsearch/Logstash

Michelle Beard created SENSSOFT-302:
---------------------------------------

             Summary: Create time-series index patter for UserALE in Elasticsearch/Logstash
                 Key: SENSSOFT-302
                 URL: https://issues.apache.org/jira/browse/SENSSOFT-302
             Project: SensSoft
          Issue Type: Improvement
            Reporter: Michelle Beard


We should not be feeding a constant stream of data to a single index. Ideally, we should use this format when indexing userale logs:
%\{[@metadata][userale]}-%\{[@metadata][version]}-%\{+YYYY.MM.dd}"

%\{[@metadata][userale]} sets the first part of the index name to the value of the userale metadata field, %\{[@metadata][version]} sets the second part to userale's version, and %\{+YYYY.MM.dd} sets the third part of the name to a date based on the Logstash @timestamp field. For example:userale-1.0.0-2018.05.18.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)