Discuss the Elastic Stack

Create a custom index in winlogbeat using cloud.id

Elastic Stack Beats

mdhw3uxhwh (Tim Rice) May 1, 2019, 8:57pm 1

Hello,

I have reviewed a post that contains information on how to accomplish changing the default winlogbeat index name, but it does not seem to work for me.

I have tried exactly what the post provided and it didn't work, so I tried the below:
setup.template.name: 'winlogbeat-%{[beat.version]}-%{+yyyy.MM}_custid'
setup.template.pattern: 'winlogbeat%{[beat.version]}-*'

cloud.id: "XXX:XXXXXX"
cloud.auth: "XXXX:XXXX"
cloud.index: 'winlogbeat-%{[beat.version]}-%{+yyyy.MM}_custid'

Nothing seems to work. Any help would be greatly appreciated.

andrewkroh (Andrew Kroh) May 1, 2019, 10:52pm 2

Hi Tim, what version of Winlogbeat are you using? And what version of Elasticsearch? And this is on Elastic Cloud?

In 7.0 beat.version was replaced with agent.version. Additionally there's a new index lifecycle management feature that could be in play depending on versions that automatically creates new indexes based on criteria like size or time period

mdhw3uxhwh (Tim Rice) May 2, 2019, 3:02am 3

winlogbeat version 6.6.0 (amd64), libbeat 6.6.0 [2c385a0764bdc537b6dc078a1d9bf11bb6d7bd95 built 2019-01-24 10:45:45 +0000 UTC]

We are on elastic cloud and running 6.7.0

Thanks Andrew

Topic		Replies	Views	Activity
Winlogbeat still creates default index when setting up to use a custom index Beats winlogbeat	1	645	July 20, 2022
Changing the index name for winlogbeat sent to elasticsearch Beats winlogbeat	7	3371	March 27, 2019
Custom indexes didn't create using winlogbeat-7.2.1 version Beats winlogbeat	5	994	January 8, 2020
How to configure winlogbeat to use existing index in elasticsearch Beats	5	573	October 4, 2018
Change index name in winlogbeat Beats winlogbeat	4	341	August 24, 2021

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.