Custom index name for Filebeat System module output

thethomp · December 21, 2018, 7:10pm

Hello,

I'm new to using modules with filebeat, but I'm interested in using the System module to write out syslogs from my Centos7 servers to ES. It looks like by default it will just write to the standard filebeat-* index name, but I was hoping to customize that in order to differentiate between potentially different modules writing to the same index.

I thought I could do something like this, but it doesn't seem to be working... any ideas? Also, would this screw up the built-in module templates and Kibana dashboards? Would I need additional custom configurations to have those point to the write place?

output.elasticsearch:
  hosts: ["logs:9200"]
  indices:
    - index: "filebeat-syslog-%{[beat_version]}-%{+yyyy.MM.dd}"
      when.equals:
        fileset.module: "system"

Thanks in advance for any assistance!

Tek_Chand · January 3, 2019, 11:57am

@thethomp,

Yes..you are correct that Filebeat dashboards are tied with filebeat-* index. You can't use the filebeat dashboards if you are using any other index.

Thanks.

system · January 31, 2019, 11:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Custom Index Name for FileBeat Beats filebeat	3	1759	October 28, 2019
Override index name while using the inbuilt filebeat modules Beats beats-module , filebeat	6	1041	August 10, 2020
Comand line Filebeat Beats filebeat	3	408	April 17, 2018
Setup filebeat to send different logs to different indexes (to elasticsearch) Elasticsearch	1	202	August 15, 2023
Filebeat Module Custom Index Beats filebeat	2	1777	June 14, 2019

Custom index name for Filebeat System module output

Related topics