I have a index template configured to apply on a index pattern products_*
How each document in products will have two fields
date
country_code
using the pipeline processor I wanted to create dynamic indexes like below
products_2021_12_24_us
products_2021_12_25_us
products_2021_12_24_uk
now i want to add alias for the indexes in the following behavior
for a index products_2021_12_24_us the alias should be products_us and products_2021_12_24
so that we can search the US products under one name and also for one date products under one name.
What should i use here?
Should i create multiple templates or one template can handle it all?
Related
I've an alias setup for rolling indices in elastic search. Let's call the alias : "alias" for now. It points to a number of indexes and rolls over after every 100gb. Now, let's say the number of fields in previous indices associated with alias is 100 and I've added one more field while writing to latest index. so, the number of fields become 101.
I've setup an index pattern by the name of "alias" and I can see all the indices listed via that index pattern but I am unable to visualize the 101th field I just added in the recent indices. Is there a way to do it ?
Please let me know if more details are needed regarding the same.
Hope you added the new field in the write index that your alias is pointing to, an alias can have only one write index but can have many read index and if you added the new field to a read index of your alias, you will not be able to visualise it using your alias.
I have a number field in my index that states the job id and I want to filter by a specific job. So I want to create a 'control' to choose one job id from an options list. But whenever I choose the field the only option is "Range slider". How can I change that?
It's most probably because job_id is mapped as a number and not a keyword.
So you can either change your mapping and reindex your data or create a keyword sub-field, update your index in place and then use the ...job_id.keyword field so create your control. An example of the second option can be found in this thread
I'm using kibana 7.10.1.
I need it to use different 'time fields' for each index pattern. Is this possible to set multiple time fields for same index ?
You can pick any date (or date_nanos) field as the primary time field in an index pattern. Screenshot from the second page when creating it:
#timestamp is just a convention. Though you will need to create a different index pattern for each combination of index(es) and primary time field.
I have graphs defined from Elasticsearch source with long field names such as private_data.systemMetrics.systemData.cpu.usage_user. I would like to set alias for the cpu usage fields that will display only the field name suffixes, in above example, usage_user.
Using Grafana v4.5.2
I found a way to display a short alias but it is costly. I split the query with multiple fields into a list of queries, each on a single field with explicit alias.
Is there a better way to do it?
I have a variety of elasticsearch indices which are created daily by logstash with the format:
"logstash-%{cluster_type}-%{cluster_name}-jobaccounting-v2-%{+YYYY.MM.dd}"
I would like to create an alias in elasticsearch which drops the version number from the index name. I am planning to point my kibana instance at the aliased index rather than the versioned index so that I can change the version numbers without impacting kibana.
index: "logstash-%{cluster_type}-%{cluster_name}-jobaccounting-v2-%{+YYYY.MM.dd}"
alias: "logstash-%{cluster_type}-%{cluster_name}-jobaccounting-%{+YYYY.MM.dd}"
Elasticsearch index templates can be used to create an alias everytime a new index is created.
https://www.elastic.co/blog/aliases-ftw
Unfortuantely, I have not found any good way to use variables in the alias name. I would like to avoid having to create a template for every cluster_type, cluster_name, and date.
If I had 2 entries for each variable cluster_name and cluster_type, I would have 4 indices every day, which would require 4 aliases for each day.
If I could use a date variable, then I could just have 4 templates rather than 4 templates for each day.
Is there a way to use a date variable in the alias name? Does taking this approach make sense?
The only available placeholder is {index}, so you can't compose more complex alias name inside template.
https://www.elastic.co/blog/aliases-ftw