I have a variety of elasticsearch indices which are created daily by logstash with the format:
"logstash-%{cluster_type}-%{cluster_name}-jobaccounting-v2-%{+YYYY.MM.dd}"
I would like to create an alias in elasticsearch which drops the version number from the index name. I am planning to point my kibana instance at the aliased index rather than the versioned index so that I can change the version numbers without impacting kibana.
index: "logstash-%{cluster_type}-%{cluster_name}-jobaccounting-v2-%{+YYYY.MM.dd}"
alias: "logstash-%{cluster_type}-%{cluster_name}-jobaccounting-%{+YYYY.MM.dd}"
Elasticsearch index templates can be used to create an alias everytime a new index is created. https://www.elastic.co/blog/aliases-ftw
Unfortuantely, I have not found any good way to use variables in the alias name. I would like to avoid having to create a template for every cluster_type, cluster_name, and date.
If I had 2 entries for each variable cluster_name and cluster_type, I would have 4 indices every day, which would require 4 aliases for each day.
If I could use a date variable, then I could just have 4 templates rather than 4 templates for each day.
Is there a way to use a date variable in the alias name? Does taking this approach make sense?
