Discuss the Elastic Stack

Create a custom index in winlogbeat using cloud.id

Elastic Stack Beats

mdhw3uxhwh (Tim Rice) May 1, 2019, 8:57pm 1

Hello,

I have reviewed a post that contains information on how to accomplish changing the default winlogbeat index name, but it does not seem to work for me.

I have tried exactly what the post provided and it didn't work, so I tried the below:
setup.template.name: 'winlogbeat-%{[beat.version]}-%{+yyyy.MM}_custid'
setup.template.pattern: 'winlogbeat%{[beat.version]}-*'

cloud.id: "XXX:XXXXXX"
cloud.auth: "XXXX:XXXX"
cloud.index: 'winlogbeat-%{[beat.version]}-%{+yyyy.MM}_custid'

Nothing seems to work. Any help would be greatly appreciated.

andrewkroh (Andrew Kroh) May 1, 2019, 10:52pm 2

Hi Tim, what version of Winlogbeat are you using? And what version of Elasticsearch? And this is on Elastic Cloud?

In 7.0 beat.version was replaced with agent.version. Additionally there's a new index lifecycle management feature that could be in play depending on versions that automatically creates new indexes based on criteria like size or time period

mdhw3uxhwh (Tim Rice) May 2, 2019, 3:02am 3

winlogbeat version 6.6.0 (amd64), libbeat 6.6.0 [2c385a0764bdc537b6dc078a1d9bf11bb6d7bd95 built 2019-01-24 10:45:45 +0000 UTC]

We are on elastic cloud and running 6.7.0

Thanks Andrew

system (system) Closed May 30, 2019, 3:05am 4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
Winlogbeat still creates default index when setting up to use a custom index Beats winlogbeat	1	490	July 20, 2022
Changing the index name for winlogbeat sent to elasticsearch Beats winlogbeat	7	3211	March 27, 2019
Winlogbeat 7.2.0 index name not changing despite specifying setup.template.name, setup.template.pattern Beats winlogbeat	5	1128	September 3, 2019
Winlogbeat doesn't create custom index-patterns but Elasticsearch does create custom index names, so everything is broken Beats metricbeat , winlogbeat	3	569	October 13, 2020
Custom indexes didn't create using winlogbeat-7.2.1 version Beats winlogbeat	5	947	January 8, 2020

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.