Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Is it possible to have daily "elastalert_status-%{+YYYY.MM.dd}" indices #684

Open
v4virtual opened this issue Aug 24, 2016 · 6 comments · May be fixed by #945
Open

Is it possible to have daily "elastalert_status-%{+YYYY.MM.dd}" indices #684

v4virtual opened this issue Aug 24, 2016 · 6 comments · May be fixed by #945
Assignees

Comments

@v4virtual
Copy link

in a similar way like the "index" parameter of elasticsearch output in logstash: "logstash-%{+YYYY.MM.dd}"
https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-index

@stefansaye
Copy link

+1

@ruria
Copy link
Contributor

ruria commented Sep 12, 2016

We´re working on it right now. No tests available for now, but seems to be working!

https://github.com/ruria/elastalert

You have to add "writeback_index_fmt" to your config with something similar to "%d-%m-%Y" (see patterns available here : http://www.tutorialspoint.com/python/time_strftime.htm )

@v4virtual
Copy link
Author

that's great! Thanks.
The only thing to note is that it will not rotate the indices based on a pattern you add unless you restart elastalert. Currently doing it with a cron job...

@ruria
Copy link
Contributor

ruria commented Oct 11, 2016

Yes, you´re right.
Check it again now, it will rotate indexes. Even better (check create parm) the indexes will be created before use it, so you can forget about create_index "tool"

@Qmando Qmando linked a pull request Mar 10, 2017 that will close this issue
@Qmando Qmando self-assigned this Mar 10, 2017
@Hariharan-Gandhi
Copy link

+1

@meslerkx
Copy link

Sorry to start this up again, but did anything come of this? I'm guessing by the fact that this is an open issue that there is still work to be done, but wanted to make sure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants