Hi, I am trying to change the default pattern for the indexes generated by winlogbeat.
I have followed the indications of the official documentation, but at some point I have missed something ...

winlogbeat.yml:

winlogbeat\kibana\default\index-pattern\winlogbeat.json (I change winlogbeat-* for that):

winlogbeat\kibana\5.x\index-pattern (I change winlogbeat-* for that):

Results log:

CRIT Exiting: setup.template.name and setup.template.pattern have to be set if index name is modified.

If I put the following in the elasticsearch output (winlogbeat.yml):

It starts but the indexes in elastic are:

Someone knows what I'm doing wrong, the only thing I want is to change the name...

Firstly, please do not post screenshots of text. Just paste the raw text and surround it with three back-ticks to retain formatting.

Here's an example for changing the index name to use ISO weekly index naming. Adjust accordingly based on your naming requirements. But basically you need to set three settings when customizing the index naming (setup.template.name, setup.template.pattern, and output.elasticsearch.index).

setup.template:
  name:    'winlogbeat-%{[beat.version]}'
  pattern: 'winlogbeat-%{[beat.version]}-*'

output.elasticsearch:
  hosts: ['http://localhost:9200']
  index: 'winlogbeat-%{[beat.version]}-%{+xxxx.ww}'

This has worked perfect for me.
Thanks Andrew

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.