Elastiflow-flow-ecs-8.0-2.3-tsds lifecycle policy

Homeserv · August 8, 2024, 8:08am

elastiflow-flow-ecs-8.0-2.3-tsds index is growing and growing although a lifecycle policy has been set (by default).

I’ve removed the current lifecycle policy from the index. When trying to add the lifecycle policy again, elasticsearch gives the error “Index has no aliases” (Policy elastiflow is configured for rollover, but index elastiflow-flow-ecs-8.0-2.3-tsds does not have an alias, which is required for rollover.).

Probably that’s why there is no rollover for the TSDS index.

rob · August 8, 2024, 11:28am

When did you enable TSDS? Was it after the collector had already been started once without TSDS? If so, it is necessary to delete the non-TSDS index templates that were originally installed. See the note here…

Homeserv · August 8, 2024, 4:41pm

TSDS was enabled after the installation had run for a couple of months.
Stopped flowcoll, removed the indexes and restarted flowcoll. Lets see how things will run.

Thank you for the answer. Never looked at the docs before enabling TSDS.

Topic		Replies	Views
Index ILM policy is not working as desired ElastiFlow Community elasticsearch	2	290	October 17, 2024
Index Lifecycle Management (ILM) problems ElastiFlow Community	2	43	August 27, 2025
Error creating index, an index exists with the same name as the alias ElastiFlow Community flow-collector	7	153	February 22, 2025
AWS S3 Bucket Flowcoll.yml Example ElastiFlow Community flow-collector	13	145	March 27, 2025
Elastic Licensing Changes & ElastiFlow’s Solution Announcements	1	168	January 19, 2025

Elastiflow-flow-ecs-8.0-2.3-tsds lifecycle policy

Related topics