You should really be setting the event timestamp to the one from the log file. If you ask over on https://groups.google.com/forum/?hl=en-GB#!forum/logstash-users you will get some guidance on that.
On 19 March 2015 at 22:09, Siddharth Trikha <siddharthtrik...@gmail.com> wrote:
> I am using the ELK stack for analyzing logs. So as per default
> configuration a new index by "logstash-YYYY-MM-DD" is created by ES.
> So if I have configured logstash to read like this:
>
> /var/log/rsyslog/**/2014-12-0[1-7]/auditd.log
>
> So it is reading old logs and the index name created will be
> "logstash-2015-03-20", so this index will have documents (logs) of previous
> dates.
>
> My problem occurs when I have to delete indexes. If I have to keep only
> last one week's data and purge the older indices. When I will delete index
> names except the last 7 days, *I have no track which days logs are kept
> in which index name*. Eg: 2014-12-07 date's logs may be kept in any of
> index named logstash-2015-03-19 or logstash-2015-03-20.
>
> So how shall I delete indexes??
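
Added example (not part of the original thread, and not Logstash or Elasticsearch code): a Python illustration of the advice in the reply, naming each daily index after the timestamp inside the auditd record instead of the ingest date, so that retention can be decided from index names alone. The sample records, the function names and the ingest-time fallback are assumptions; the index name follows the `logstash-YYYY-MM-DD` form used in the question.

```python
import re
from datetime import date, datetime, timedelta, timezone

# auditd records carry their own epoch time: msg=audit(<epoch>.<ms>:<serial>)
AUDIT_TS = re.compile(r"msg=audit\((\d+)\.\d+:\d+\)")
INDEX_FMT = "logstash-%Y-%m-%d"  # naming as written in the question


def event_time(line):
    """Return the record's own UTC timestamp, or None if the line has none."""
    m = AUDIT_TS.search(line)
    if m is None:
        return None
    return datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)


def index_for(line, ingest_time):
    """Daily index chosen by event time; ingest time only as a fallback (assumption)."""
    ts = event_time(line) or ingest_time
    return ts.strftime(INDEX_FMT)


def expired(index_names, today, keep_days=7):
    """Indices whose date, read from the name, falls outside the retention window."""
    cutoff = today - timedelta(days=keep_days - 1)
    old = [n for n in index_names
           if datetime.strptime(n, INDEX_FMT).date() < cutoff]
    return sorted(old)


# Constructed sample records (not taken from a real host)
SAMPLE = [
    "type=SYSCALL msg=audit(1417435200.123:101): arch=c000003e syscall=2 success=yes",
    "type=USER_LOGIN msg=audit(1417953600.456:102): pid=2211 uid=0 res=success",
    "rsyslogd restarted",  # no audit header, falls back to ingest time
]

if __name__ == "__main__":
    ingest = datetime(2015, 3, 20, 9, 0, tzinfo=timezone.utc)
    names = sorted({index_for(line, ingest) for line in SAMPLE})
    print("indices written:", names)
    print("safe to delete :", expired(names, date(2015, 3, 20)))
```
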