Just found a similar issue with a solution, check this post.
You will need to some data_stream fields, basically you will need to create the fields:
datas_tream.typedata_stream.datasetdata_stream.namespace
You need this in your filter block:
mutate {
add_field => {
"[data_stream][type]" => "logs"
"[data_stream][dataset]" => "ssc-misc-%{[instance_name]}-%{[instance_IP]}"
"[data_stream][namespace]" => "nonprod"
}
}
And remove those settings from the output.