Hi All, I'm new here and i have query creating data_streams for container logs
we have a common ELK without logstash for all - dev, stg,tst & prd and when we send logs from container to elasticsearch the dataset is prefixed with "log-" and matches always with managed index template ("logs-kubernetes.container" or "logs" index_template) & index_pattern "logs-*"
Reaching out to you to understand how to handle in this scenario's where i can create data_streams for each individual environment with custom ILM policy to be applied