uberAgent Elastic (ELK) Rollover

Does anyone have any experience trying to rollover uberagent index in Elastic/Kibana?  According to the Elastic documentation it seems like you have to create an alias for uberagent, lets say uberagent-v5, then you have to use a POST command such as POST uberagent-v5/_rollover/uberagent-v5-2018.10.16-1 in order to create the new name for the new index thats going to rollover.  I've been trying to get uberagent to rollover based on the date so that Elastic creates a daily uberagent index and we can remove indicies based on date.  Even with Elastics Curator I can't get this index to rollover.


    Helge Klein Official comment

    Elasticsearch has a rollover index API that should do the trick. It allows you to set conditions on an index that define when a rollover occurs. Available conditions include index age and maximum size.

    This blog post explains the use of the rollover API further.

    Dominik Britz

    Hi Ryan,

    I created a ticket in our support system where we will work on this. We will post the solution here, too.

    Ryan Downey


    I appreciate the quick response.  I will also try to lay out the steps that I've taken to troubleshoot the issue so that you all have an idea of where I'm at.  Enjoy the rest of your day.


