Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhancement: elasticsearch time-based indices #1

Open
faxm0dem opened this issue Nov 24, 2014 · 2 comments
Open

Enhancement: elasticsearch time-based indices #1

faxm0dem opened this issue Nov 24, 2014 · 2 comments

Comments

@faxm0dem
Copy link

Add a timestamping option that accepts either {daily,weekly,monthly,yearly) or a indexsuffix that would accept stftime type formatting e.g. -%y.%m.%d so we can have UTC dependant indices.
This cannot at the time be handled in syslog-ng because $YEAR, $MONTH, and $DAY macros are not UTC but local TZ
@faxm0dem faxm0dem changed the title Enhancement: Enhancement: time-based indices Nov 24, 2014
@faxm0dem faxm0dem changed the title Enhancement: time-based indices Enhancement: elasticsearch time-based indices Nov 24, 2014
@faxm0dem
Copy link
Author

faxm0dem commented Dec 1, 2014

For the record, this is the logic using the perl plugin: https://github.com/faxm0dem/syslog_ng-elasticsearch/blob/master/perl/Elasticsearch.pm#L66-L71

@faxm0dem
Copy link
Author

faxm0dem commented Dec 2, 2014

as pointed out by @fekete-robert if global option time-zone(UTC) is set, being able to pass index("myindex-$YEAR.$MONTH.$DAY") would do the job, but @juhaszviktor and @talien said implementing templates for the queue function is difficult

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@faxm0dem