(another) Custome Index Name for Filebeat

mhare · January 2, 2022, 3:03am

First: Happy New Year!

Second: I have seen various other posts on this topic, but they always seem to timeout before getting to an answer.

I an running ELK 7.13.4
I have an Elasticsearch that ingests data from multiple filbeats running on different servers. The logs are not similar from server to server, so I'd like to have separate indices for each server.

Oh, yeah, I also need ILM to age the logs and eventually remove them.

In a filebeat yaml, I have added
output.elasticsearch.index: "customename-%{+yyyy.MM.dd}"

and

setup:
  template:
    name: "customname"
    pattern: "customname-*"

I restart filebeat, and it keeps writing to the old existing filebeat index, the new index is not created.

What have I forgotten to do?

Thanks!

Michael

kvch · January 3, 2022, 12:19pm

Have you disabled ILM loading? If not, you should set setup.ilm.enabled: false.

mhare · January 12, 2022, 8:44pm

Sorry, been off doing 1000 other things. I did try as you suggested and it made no difference. I think I have something else going on in the yaml configuration. At any rate, this was deprioritized so I have not gotten back to it. Thank you for responding, I do really appreciate it!

system · February 9, 2022, 10:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.