Hello,
I'm new to using modules with Filebeat, but I'm interested in using the System module to write out syslogs from my CentOS 7 servers to ES. It looks like by default it will just write to the standard filebeat-* index name, but I was hoping to customize that in order to differentiate between potentially different modules writing to the same index.
I thought I could do something like this, but it doesn't seem to be working... any ideas? Also, would this screw up the built-in module templates and Kibana dashboards? Would I need additional custom configurations to have those point to the right place?
output.elasticsearch:
  hosts: ["logs:9200"]
  indices:
    - index: "filebeat-syslog-%{[beat_version]}-%{+yyyy.MM.dd}"
      when.equals:
        fileset.module: "system"
Thanks in advance for any assistance!