Change the index name used in elasticsearch module

mtoumi · April 12, 2019, 7:47pm

Hi

I am trying to monitor an es cluster using metricbeat elasticsearch module for some reason I can't change the index name sent to my monitoring cluster from .monitor-es-6-mb.

 2019-04-12T19:31:55.671Z        DEBUG   [publisher]     memqueue/ackloop.go:128 ackloop: 
 return ack to broker loop:17      [81/1959]
 2019-04-12T19:31:55.671Z        DEBUG   [publisher]     memqueue/ackloop.go:131 ackloop:  done 
send ack                             
2019-04-12T19:31:58.830Z        DEBUG   [publish]       pipeline/processor.go:308       Publish event: {                            
"@timestamp": "2019-04-12T19:31:56.202Z",                                                                                         
"@metadata": {
"beat": "metricbeat",
"type": "doc",
"version": "6.6.2",
"index": ".monitoring-es-6-mb"

here is my config

metricbeat:
  config:
    modules:
      path: /usr/share/metricbeat/modules.d/*.yml
      reload:
         enabled: false
output:
   elasticsearch:
         hosts:
         - https://mycluster:443
         index: kube-%{+yyyy.MM.dd}
         password: 
         username: 
    file:
         enabled: false
         filename: metricbeat
         number_of_files: 5
         path: /usr/share/metricbeat/data
        rotate_every_kb: 10000
path:
    config: /usr/share/metricbeat
    data: /usr/share/metricbeat/data
    home: /usr/share/metricbeat
    logs: /usr/share/metricbeat/logs
processors:
- add_cloud_metadata: null
setup:
    template:
      enabled: true
      name: kube
      pattern: kube-*

and I already have template called kube in monitoring cluster.

shaunak · April 15, 2019, 12:37pm

Could you post the contents of your /usr/share/metricbeat/modules.d/elasticsearch.yml? Please make sure to mask any sensitive information before posting. Thanks!

mtoumi · April 15, 2019, 2:36pm

here is the config.

- hosts:
   - http://mycluster:9200
   metricsets:
   - cluster_stats
   - index
   - index_summary
   - shard
   module: elasticsearch
   period: 10s
   xpack.enabled: true

and btw both clusters are running in kube cluster.

shaunak · April 16, 2019, 3:55pm

Are you trying to use Metricbeat to monitor Elasticsearch in order to use the Monitoring UI in Kibana? If so, it's not possible to change the index names from .monitoring-* (at least as of today). Those indices are meant to be for internal use only.

Or are you trying to use Metricbeat to monitor Elasticsearch and have its metrics indexed into metricbeat-*? In that case, you can simply remove the xpack.enabled: true setting from your /usr/share/metricbeat/modules.d/elasticsearch.yml config.

mtoumi · April 18, 2019, 3:58am

the second scenario. for now I used logstash to index them with different name. are you saying. if I removed xpack.enabled: true I would be able to have index name of my choice or this is still not possible as of today. thanks for the help.

system · May 16, 2019, 4:03am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.