Skip to content

Latest commit

 

History

History
154 lines (126 loc) · 5.42 KB

date-index-name.md

File metadata and controls

154 lines (126 loc) · 5.42 KB
layout title parent nav_order
default
Date index name
Ingest processors
55

Date index name processor

The date_index_name processor is used to point documents to the correct time-based index based on the date or timestamp field within the document. The processor sets the _index metadata field to a date math index name expression. Then the processor fetches the date or timestamp from the field field in the document being processed and formats it into a date math index name expression. The extracted date, index_name_prefix value, and date_rounding value are then combined to create the date math index expression. For example, if the field field contains the value 2023-10-30T12:43:29.000Z and index_name_prefix is set to week_index- and date_rounding is set to w, then the date math index name expression is week_index-2023-10-30. You can use the date_formats field to specify how the date in the date math index expression should be formatted.

The following is the syntax for the date_index_name processor:

{
  "date_index_name": {
    "field": "your_date_field or your_timestamp_field",
    "date_rounding": "rounding_value"
  }
}

{% include copy-curl.html %}

Configuration parameters

The following table lists the required and optional parameters for the date_index_name processor.

Parameter Required/Optional Description
field Required The date or timestamp field in the incoming document. Supports template snippets.
date_rounding Required The rounded date format within the index name . Valid values are y (year), M (month), w (week), d (day), h (hour), m (minute), and s (second).
date_formats Optional An array of date formats used to parse the date or timestamp field. Valid options include a java time pattern or one of the following formats: ISO8601, UNIX, UNIX_MS, or TAI64N. Default is yyyy-MM-dd'T'HH:mm:ss.SSSXX.
index_name_format Optional The date format. Default is yyyy-MM-dd. Supports template snippets.
index_name_prefix Optional The index name prefix to append before the date. Supports template snippets.
description Optional A brief description of the processor.
if Optional A condition for running this processor.
ignore_failure Optional If set to true, failures are ignored. Default is false.
locale locale Optional
on_failure Optional A list of processors to run if the processor fails.
tag Optional An identifier tag for the processor. Useful for debugging to distinguish between processors of the same type.
timezone Optional The time zone to use when parsing the date. Default is UTC.

Using the processor

Follow these steps to use the processor in a pipeline.

Step 1: Create a pipeline.

The following query creates a pipeline, named date-index-name1, that uses the date_index_name processor to index logs into monthly indexes:

PUT /_ingest/pipeline/date-index-name1
{
  "description": "Create weekly index pipeline",
  "processors": [
    {
      "date_index_name": {
        "field": "date_field",
        "index_name_prefix": "week_index-",
        "date_rounding": "w",
        "date_formats": ["YYYY-MM-DD"]
      }
    }
  ]
}

{% include copy-curl.html %}

Step 2 (Optional): Test the pipeline.

It is recommended that you test your pipeline before you ingest documents. {: .tip}

To test the pipeline, run the following query:

POST _ingest/pipeline/date-index-name1/_simulate
{
  "docs": [
    {
      "_index": "testindex1",
      "_id": "1",
      "_source": {
        "date_field": "2023-10-30"
      }
    }
  ]
}

{% include copy-curl.html %}

Response

The following example response confirms that the pipeline is working as expected:

{
  "docs": [
    {
      "doc": {
        "_index": "<week_index-{2023-10-01||/w{yyyy-MM-dd|UTC}}>",
        "_id": "1",
        "_source": {
          "date_field": "2023-10-30"
        },
        "_ingest": {
          "timestamp": "2023-11-13T18:23:10.408593092Z"
        }
      }
    }
  ]
}

Step 3: Ingest a document.

The following query ingests a document into an index named testindex1:

PUT testindex1/_doc/1?pipeline=date-index-name1
{
  "date_field": "2023-10-30"
}

{% include copy-curl.html %}

Response

The request indexes the document into the index week_index-2023-10-23 and will index all documents with a timestamp within that week into the same index because the pipeline rounds by week.

{
  "_index": "week_index-2023-10-30",
  "_id": "1",
  "_version": 4,
  "result": "updated",
  "_shards": {
    "total": 2,
    "successful": 1,
    "failed": 0
  },
  "_seq_no": 3,
  "_primary_term": 1
}

Step 4 (Optional): Retrieve the document.

To retrieve the document, run the following query:

GET week_index-2023-10-30/_doc/1

{% include copy-curl.html %}