elk 这套日志 最近报错 无效索引要小写，求指导

[2024-10-17T16:43:21,934][ERROR][logstash.outputs.elasticsearch][audit][9b837e55c8099cbb5d15de6e33ff7d57678ffc02f082744561c30f21c7610c3c] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"asr-test-%{[appName]}-%{[serverName]}.log-2024.10.17", :routing=>nil}, {"@timestamp"=>2024-10-17T08:43:21.696Z, "logstash_destination"=>"10ip 打码 90:9889", "host"=>"1ip 打码 97", "logger_name"=>"cn.com.safeware.common.logback.GlobalTraceLogIdSetting", "thread_name"=>"http-nio-9040-exec-159", "type"=>"logback", "env"=>"test", "level_value"=>20000, "traceId"=>"369b8faa9ae54e9ea79c241236670b97", "level"=>"INFO", "app_name"=>"erp", "server_name"=>"api-web", "port"=>33726, "@version"=>"1", "message"=>"请求方式 : POST"}], :respOnse=>{"index"=>{"_index"=>"asr-test-%{[appName]}-%{[serverName]}.log-2024.10.17", "_type"=>"_doc", "_id"=>nil, "status"=>400, "error"=>{"type"=>"invalid_index_name_exception", "reason"=>"Invalid index name [asr-test-%{[appName]}-%{[serverName]}.log-2024.10.17], must be lowercase", "index_uuid"=>"_na_", "index"=>"asr-test-%{[appName]}-%{[serverName]}.log-2024.10.17"}}}} 

上面是报错日志，接下来看我 logstash 的配置

 cat logstash-audit.conf input { beats { port => 5044 } tcp { port => 9889 codec => json } } filter { if [stack_trace] { mutate { update => { "message" => "%{[message]}%{[stack_trace]}" } } } } output { if "erp" in [tags] { elasticsearch { hosts => [ "17ip 打码 900" ] index => "erp-log%{+YYYY.MM.dd}" } } else if "node167" in [tags] { elasticsearch { hosts => [ "17ip 打码 90" ] index => "ecow-log%{+YYYY.MM.dd}" } } else if "app" in [tags] { elasticsearch { hosts => [ "1ip 打码 9200" ] index => "app-log%{+YYYY.MM.dd}" } } else if "app_name" == "seata-server" { elasticsearch { hosts => ["http://1ip 打码 9200"] index => "pro-seata-server.log-%{+YYYY.MM.dd}" } } else { elasticsearch { hosts => ["http://17ip 打码 9200"] index => "asr-%{[env]}-%{[appName]}-%{[serverName]}.log-%{+YYYY.MM.dd}" } } } 

报错影响的应该是这行配置

else { elasticsearch { hosts => ["http://17ip 打码 9200"] index => "asr-%{[env]}-%{[appName]}-%{[serverName]}.log-%{+YYYY.MM.dd}" } 

可以看到我这里使用了三个变量，这里我保证这 3 个变量拿到的值一定是全小写 请问这里是什么问题，有没有知道的，或者提供下思路