Auditbeat collects old data on Linux system

Hi team, we are facing an issue when installing Auditbeat on a new machine that collects historical data 2020 2021. Any way to fix this?
This is the configuration for Auditbeat


- module: system


    - host    # General host information, e.g. uptime, IPs

    - login   # User logins, logouts, and system boots.

    - package # Installed, updated, and removed packages

    - process # Started and stopped processes

    - user    # User information

  state.period: 12h

  # detect any changes.

  user.detect_password_changes: true

  # File patterns of the login record files.

  login.wtmp_file_pattern: /var/log/wtmp*

  login.btmp_file_pattern: /var/log/btmp*

#==================== Elasticsearch template setting ==========================


  index.number_of_shards: 0

  #index.codec: best_compression

  #_source.enabled: false



  hosts: [""]

#================================ Processors =====================================

# Configure processors to enhance or manipulate events generated by the beat.


  - add_host_metadata: ~

  - add_cloud_metadata: ~

  - add_docker_metadata: ~
1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.