help with add timestemp with minutes

[Alisher-Nabiev]

Hi, I know I opened a ticket before, but I still need help. I can't get it to work.

i am trying to configure my index like this to get the index name with date time including minutes

today it looks like this "enriched_netflow-2024.08.20"

needed like this "enriched_netflow-2024.08.20-HH-mm"

don't work:
output {
elasticsearch {
host => 0.0.0.0
port => 9200
bulk_limit => 1000
bulk_timeout => 100
pipeline => imei-pipeline
index_prefix => "netflow-%{+YYYY-MM-dd.HH.mm}"
data_type => netflow
}
}

I tried to run the DEBUG and it shows like everything is ok but I still don't receive any doc to my index.
it works for me only like this:
output {
elasticsearch {
host => 0.0.0.0
port => 9200
bulk_limit => 1000
bulk_timeout => 100
pipeline => imei-pipeline
index_prefix => netflow
data_type => netflow
}
}

also tried this conf didn't work:
output {
elasticsearch {
host => 0.0.0.0
port => 9200
bulk_limit => 1000
bulk_timeout => 100
pipeline => imei-pipeline
index => netflow-%{+YYYY-MM-dd.HH.mm} ---> logstash syntax
data_type => netflow
}
}

and tried this as you suggest didn't work:
output {
elasticsearch {
host => 0.0.0.0
port => 9200
bulk_limit => 1000
bulk_timeout => 100
pipeline => imei-pipeline
index => 'netflow-#{now:YYYY-MM-dd.HH.mm}'
data_type => netflow
}
}

can't get it with hours and minutes in the index name.

I would like to have your opinion again.

[lmangani]

needed like this "enriched_netflow-2024.08.20-HH-mm"

This is unclear. You example is half a template and it would be much better to indicate the full format desired.

This said - it seems you are not following the MomentJS object syntax nor your own template above.

Example:

YYYY.MM.DD-hh-mm = 2024.08.22-06-12

I tried to run the DEBUG and it shows like everything is ok but I still don't receive any doc to my index.

I think you need to investigate your Elastic logs to find out what's wrong.