Elastic Sink does not apply any special requirements for LogEvent format and event can be extended with any additional tags.
Also, special tag properties/elk-index of type String can be present. See explanation below.
Thus, the name of index in Elastic is defined as follows:
- If
elk-indextag exists then the index name would be${elk-index}-${date},
where
${elk-index}is the value of theproperties/elk-indextag,
${date}is UTC date from timestamp of the event inYYYY.MM.DDformat. - If
projecttag exists then the index name would be${project}-${environment}-${subproject}-${date},
where
${project}is the value of theproperties/projecttag,
${environment}is the value of theproperties/environmenttag,
${subproject}is the value of theproperties/subprojecttag,
${date}is UTC date from timestamp of event inYYYY.MM.DDformat.
Ifsubprojectorenvironmenttags are missing theirs value and corresponding hyphen will be skipped. - If none of above tags exists ignore event.