How to dynamically add index to alias when new index is dynamically added

Question

How to dynamically add an index to alias when index is dynamically created every day? I'm using Logstash to send data to our ElasticSearch engine, version 6.1.1, with the following convention:

elasticsearch {
   hosts => "10.01.01.01:9200"      
   index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}

This dynamically creates a new index per day. I configured the system based on install instructions for this version.

I created an alias to be able to query across all index types (Filebeat/Winlogbeat/etc).

How can I dynamically make all dynamic indexes be added to this alias to avoid having a system administrator perform a daily task to add the index, like: (using Kibana DevTools)

POST /_aliases
{
  "actions": [
     { "add": { "index": "winlogbeat-6.1.1-2018.02.16", "alias": "myaliasname"}}
  ]
}

Would querying with wildcard indices names not work for you? — ryanlutgen, Feb 20 '18 at 20:05
Thanks for the reply. I need to query the alias with my Kibana visualizations so that the data is queried across all indexes. Using the index name like: winlogbeat-* does work, but it ties you to that kind of beat data. Example: querying winlogbeat and filebeat for anything that has the word "JohnSmith" would not work without using the alias. — kninva, Feb 20 '18 at 20:19
Possible duplicate of [How to create an alias on two indexes with logstash?](https://stackoverflow.com/questions/29941296/how-to-create-an-alias-on-two-indexes-with-logstash) — Alkis Kalogeris, Feb 20 '18 at 20:37
Very possibly a duplicate. I'll try the alias template. If it works, I'll close this issue. Thanks for the tip! — kninva, Feb 20 '18 at 20:49

How to dynamically add index to alias when new index is dynamically added

0 Answers0