Custom Index for Functionbeat

sainath · September 15, 2020, 11:22am

Hi Team, I am trying to deploy function beat to read AWS logs which i am succesfully able to do.

However, i require different index to be created in Elasticsearch for different log groups.Below id the elasticsearch output condition i used, which isnt working.

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["10.10.10.10:9200"]
  indices:
    - index: "xyz"
      when.contains:
      log_group: "ec2"

I also tried providing the full log groups name under the log_group.
Elastic search version : 7.7.1
Functionbeat version : 7.9.0
Please help me to understand and resolve the issue.

sainath · September 16, 2020, 8:40am

Team, Is there anything i can try? I'd really appreciate any guidance. Thanks!

mtojek · September 16, 2020, 10:07am

Here is a similar thread: Handling multiples modules output to multiples indexes, good practice?

sainath · October 14, 2020, 11:37am

Able to create new index by using below configuration on top of output.elasticsearch in functionbeat.yml

setup.ilm.enabled: false
setup.template.name: "xyz"
setup.template.pattern: "xyz-*"
output.elasticsearch:

Arzu_Atalik · October 28, 2020, 1:12pm

Egsyefsi 5wvuxtsy7wfehd7sfshfsydgxhs6svcbysicjdhufushdufhshfsfshd8chfgdjxydhjehdfeu

Fyzvdusgfyzhdns7r
Sfhd5sgddgdydyýd
Dyehdhdudud dudduat

system · November 25, 2020, 3:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.