Does Filebeat plan to support Data Streams, and if so, what is the expected development timeline?
Per docs,
Prior to Elasticsearch 7.9, you’d typically use an index alias with a write index to manage time series data. Data streams replace this functionality, require less maintenance, and automatically integrate with data tiers.
Yet as of 7.17.x, Filebeat still seems to only offer the option to use an index alias with daily indices.
(If I am misinterpreting this and there is some way to configure filebeat.yml for Data Streams, please let me know. Currently running filebeat setup --index-management does not seem to be configurable to support data_stream: {} in the resulting index template.)
If you want to use data streams in 7.17, you can edit the index template to add "data_stream": {} and load it manually. Then disable ILM and set output.elasticsearch.index to the name of the data stream.
To be clear do you mean a PUT /_template/<index-template> where the request body includes the entire existing index template plus data_stream: {} added? Or does PUT /_template/<index-template> support a partial-update (PATCH) where I can just add that single field?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.