Hi!
I am using the Suricata filebeat module to send Suricata logs directly to ES. I am using all the default filebeat indexes.
I want to change the default index and index patterns names to be suricata instead of filebeat. I have to disable ILM?
Is there any possibility to configure a new ILM and configure that new index to use it?
No u can set setup.ilm.rollover_alias to change the index names. See Configure index lifecycle management | Filebeat Reference [7.13] | Elastic.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.