Elasticsearch - alias filters aren't being applied

Question

We apply our index template using logstash's Elasticsearch output plugin. All of our index patterns are as such: "--" I am attempting to create an alias for each subsystem using alias filters, But the filters aren't being applied, causing every index to get all the aliases configured. (so subsystem A, get an alias of subsystem A and subsystem B and all other subsystems)

my template looks like this:

{
  "index_patterns" : "system-*",
  "version" : 1,
  "settings" : {
    "index.codec": "best_compression"
  },
  "aliases" : {
    "system" : {},
    
    "system-subsystem_a" : {
      "bool" : {
          "filter" : {
            "term" : {"Subsystem" : "subsystem_a"}
          }
      },

    "system-subsystem_b" : {
      "bool" : {
          "filter" : {
            "term" : {"Subsystem" : "subsystem_b"}
          }
      }
    }
}

I tried a few different variations and combinations (without using "bool" block. changing the term "Subsystem" to "Subsystem.keyword" and etc.) all came out with the same result.

I actually asked a similar question previously: elasticsearch templates - create alias from index_pattern

@ibexit suggested to create a template for each subsystem, but logstash's elasticsearch output plugin doesn't support multiple templates. I am hoping to avoid using the API. using a single file makes it easier for me to manage and quickly deploy test environments with docker-compose.

score 0 · Answer 1 · answered Jul 02 '20 at 11:20

Great start!! You're just missing the filter declaration in your alias:

{
  "index_patterns": "system-*",
  "version": 1,
  "settings": {
    "index.codec": "best_compression"
  },
  "aliases": {
    "system": {},
    "system-subsystem_a": {
      "filter": {                   
        "bool": {
          "filter": {
            "term": {
              "Subsystem": "subsystem_a"
            }
          }
        }
      }
    },
    "system-subsystem_b": {
      "filter": {
        "bool": {
          "filter": {
            "term": {
              "Subsystem": "subsystem_b"
            }
          }
        }
      }
    }
  }
}

And a simpler version, you don't need bool/filter at all:

{
  "index_patterns": "system-*",
  "version": 1,
  "settings": {
    "index.codec": "best_compression"
  },
  "aliases": {
    "system": {},
    "system-subsystem_a": {
      "filter": {
        "term": {
          "Subsystem": "subsystem_a"
        }
      }
    },
    "system-subsystem_b": {
      "filter": {
        "term": {
          "Subsystem": "subsystem_b"
        }
      }
    }
  }
}

neither version worked for me. The filter clause is completely ignored. — GKman, Jul 05 '20 at 14:25
Can you show how you create the template, then the index and finally run GET system-* — Val, Jul 06 '20 at 05:44
I simply use logstash to write to an index. like I wrote in my post, template is also applied by logstash. — GKman, Jul 06 '20 at 06:33

Elasticsearch - alias filters aren't being applied

1 Answers1