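I am currently testing the new rollup API in Elasticsearch 6.3, and I'm wondering whether there is any way to configure a rollup job to dynamically create indices based on the timestamp, like Logstash does when ingesting data? The use case is trying to roll up a large amount of time-series network performance reporting data, and I'm worried that even hourly rollups will create huge indices to manage, so I'd like to split them up so that there is one index of hourly rollups per day.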

Current rollup job configuration:

{
    "index_pattern": "dxs-raw-*",
    "rollup_index": "dxs-hourly-%{+YYYY.MM.dd}",
    "cron": "* */15 * * * ?",
    "page_size": 1000,
    "groups": {
        "date_histogram": {
            "field": "@timestamp",
            "interval": "1h",
            "delay": "12h"
        },
        "terms": {
            "fields": ["ci_id.keyword", "client_id.keyword", "element_name.keyword", "measurement.keyword", "source_management_platform.keyword", "unit.keyword"]
        }
    },
    "metrics": [
        {
            "field": "value",
            "metrics": ["min", "max", "avg"]
        }
    ]
}

Error seen when putting the job via the Kibana DevTools console:

{
    "error": {
        "root_cause": [
            {
                "type": "invalid_index_name_exception",
                "reason": "Invalid index name [dxs-hourly-%{+YYYY.MM.dd}], must be lowercase",
                "index_uuid": "_na_",
                "index": "dxs-hourly-%{+YYYY.MM.dd}"
            }
        ],
        "type": "runtime_exception",
        "reason": "runtime_exception: Could not create index for rollup job [dxs-hourly]",
        "caused_by": {
            "type": "invalid_index_name_exception",
            "reason": "Invalid index name [dxs-hourly-%{+YYYY.MM.dd}], must be lowercase",
            "index_uuid": "_na_",
            "index": "dxs-hourly-%{+YYYY.MM.dd}"
        }
    },
    "status": 500
}

Best answer

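As of version 6.4, this is not possible, but a new enhancement request has been filed here.
When a final solution is released, I will update this answer with the implementation we have.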

Regarding "elasticsearch - Can Elasticsearch rollup jobs dynamically create indices like Logstash?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/51940615/
