Thanks a lot for the great explanation! It was really useful as it gave the two ways to deploy ILM (with and without rollover)

Love your work. Please keep them coming.

Nice video Clear sound. Thanks

Great...you got yourself a subscriber 👏👏

Great vids!

Great Videos !

Great!

Nice video! I am trying to create a rollover every week. I have created the template and policy just as you have. In the logstash.conf file, if I set ilm_pattern => “{now/day}-000001” just as you have , and the ilm policy max age to be 7 will the index rollover name be the date it is rolled over with the trailing 000001 or will the trailing numbers just keep incrementing when it rolls over and the date stays the same?

I am using input beats, i have done exactly all the steps but the problem is after i start logstash i don't nothing coming to the index but i can see doc count and size are increasing but from discover i don't see any. Also it broke other indexes not sure what i missed.

Hi, Thanks for sharing. But we use rollover mechanism for shard optimization and performance tuning. You said that logstash creates index and you don't like pattern numbers :) But firewall-2022.11.08 index has static shard number. There are many shard limitations in elasticsearch. If you dont use them, your system is getting slower day by day.

Can we remove from indice settings and template rolloover alias if we dont use rollover in firewall policy ?

Hi , I have a query If we are using Index with date and we need to apply Rollover in hot phase on that index. is it possible to apply or we can apply only delete phase ?

index => firewall [ which you set as a rollover alias ] will write the data to 0001 and subsequent indexes that will be active on that particular moment.

Hi, if in Index Template i have multiple index patterns, for example test*, number* and word* and I have same data views and I want to use same policy , do I update each config with the same ILM policy ? And I do for each: PUT test-000001 { "aliases": { "mypolicy": { "is_write_index": true } } } PUT number-000001 { "aliases": { "mypolicy": { "is_write_index": true } } } ?

Thanks (y)

Nice vid! That Rollover is for data streams and be sure U set Your alias. Based on Your alias build dashboards, search quires, visualizations and never brake. With alias You target all Your indices with the same name. Data streams are great for managing, but for me somehow they are slow on warm on cold nodes. Data streams are like Timescale for Postgresql

I have a clarification, the same way we did for index gets created everyday also have created only life cycle with deletion of 30 days. Also have assigned same ILM assigned to index but it’s not automatically managed by index when the new index gets created. Please advise

what are your personal views on self-managed ELK stack vs payed service?

thanks, very good explain. But plz reduce the size of webcam circle plzzzzz...and put right top... we dont see your windows console

I have ELK stack where logstash is 6.x version and kibana is 7.17 version The index i have mentioned in logstash conf file is not visible in kibana index pattern. How to fix?? Please help. I am new to this

Hi, please reply me I have trying so many time in ilm policy.. my elk version is 7.5.1 my indicis will move hot to warm. But in warm to cold it's not moving.even i have set min_age only 2m for translation warm to cold .....i have stuck this issue before a months please resolve it...and video on that like your indica will transfer all indicis

nice job man

I have a more complex question, I would like my index pattern not to be today's date, but the date that is in the message line. Because if Logstash does not know how to access the remote elasticsearch if I restart logstash the next day, the lines stored in the logstash queue or disk queue will be indexed the same day, except the index must be based on the true log date in the message .

Hello friend! It would be great if you showed how to send sql database via logstash and filebeat converting them to json. And how to make a full-text search on the site

Hi , Do you plan to make a video about apm with elasticsearch? and fleet server. thank you

Can video "Using Index Lifecycle Management (ILM) with Elasticsearch"+Data Stream? pleas

Is it possible to make a video securing logstash with your elastic cluster(output) as well as securing communication between winlogbeat and the logstash(Input)

Hrmm just noticed the timezone value in your logstash conf. You are in Edmonton?