opensearch // index template setup

logging | elk | fluentbit

in the opensearch dashboards ui (index management plugin)

create rollover+delete policy

index mgmt / state mgmt policies / create policy

logs-policy

ism templates / index patterns: logs-* (auto-attaches the policy to indices created afterwards; already existing indices have to be attached by hand)

sample index policy
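added example (not the page's own sample): a two-state ism policy as it would be sent to PUT _plugins/_ism/policies/logs-policy. the write index rolls over once it is a day old or 30gb, and a backing index is deleted once it is 30 days old. thresholds, retention and priority are assumed values, adjust them to disk and retention requirements.

```json
{
  "policy": {
    "description": "rollover+delete for logs-*",
    "default_state": "hot",
    "states": [
      {
        "name": "hot",
        "actions": [
          {
            "rollover": {
              "min_index_age": "1d",
              "min_size": "30gb"
            }
          }
        ],
        "transitions": [
          {
            "state_name": "delete",
            "conditions": {
              "min_index_age": "30d"
            }
          }
        ]
      },
      {
        "name": "delete",
        "actions": [
          {
            "delete": {}
          }
        ],
        "transitions": []
      }
    ],
    "ism_template": [
      {
        "index_patterns": ["logs-*"],
        "priority": 100
      }
    ]
  }
}
```

rollover fires on whichever condition is met first. min_index_age for the delete transition counts from index creation, not from rollover, so each backing index lives about 30 days in total.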

note, for the mapping: do not set "numeric_detection": true. with it on, a string that merely looks numeric (e.g. "10") gets its field mapped as long, and a later hex value in the same field (e.g. "1f") no longer parses, so the document is rejected, e.g.

"type":"mapper_parsing_exception","reason":"failed to parse field [tcp.tcp_flags_ts] of type [long] in document with id '-2FDFo0Bo-jsbY2JzrAf'. Preview of field's value: '1f'

create an index template

    index mgmt / templates / create template

    logs-template

    data streams

    logs-*

shards      number of data nodes (one primary per node is a fair default for a small log cluster)

replicas    1 (needs at least two data nodes, otherwise the replica cannot be allocated and the index stays yellow)

sample index mapping (see elastic-mgmt-mapping for details)
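added example (not the page's mapping): the full template as sent to PUT _index_template/logs-template, assuming three data nodes. numeric_detection is left at its default false, and the field from the error above is typed keyword so hex values such as 1f are stored as strings; @timestamp as date is required for a data stream.

```json
{
  "index_patterns": ["logs-*"],
  "data_stream": {},
  "priority": 100,
  "template": {
    "settings": {
      "index.number_of_shards": 3,
      "index.number_of_replicas": 1
    },
    "mappings": {
      "numeric_detection": false,
      "properties": {
        "@timestamp": {
          "type": "date"
        },
        "tcp": {
          "properties": {
            "tcp_flags_ts": {
              "type": "keyword"
            }
          }
        }
      }
    }
  }
}
```

the template only applies to data streams created after it, and a mapping change needs a rollover before new documents pick it up.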

index pattern (for discover)

push some data first, the pattern can only be created once a matching index exists

    stack mgmt / index patterns

    logs-*

@timestamp (time field)

resources

https://opensearch.org/docs/latest/dashboards/im-dashboards/index-management/

https://www.elastic.co/guide/en/elasticsearch/reference/7.17/number.html


Copyright © 2024 Pierre-Philipp Braun