Dynamic filebeat index naming

ajhstn · June 24, 2020, 6:06am

Hi - I am using the new(er) Okta and PANW filebeat modules.

How do i say "send the okta logs to the okta index and the panw logs to the panw index"

I have tried this to create an index based of the fields.event.module field.

output.elasticsearch:
 index: "%{[fields.event.module]:other}-%{[agent.version]}-%{+yyyy.MM.dd}"

setup.template.name: "index-%{[beat.version]}"
setup.template.pattern: "index-%{[beat.version]}-*"

mtojek · June 24, 2020, 9:04am

I'm not quite sure if I understand your problem. Did you run filebeat setup?

system · July 22, 2020, 11:04am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Best practice for using file beats and indexing Beats filebeat	3	825	April 17, 2018
Dynamic index name not working with Filebeat Beats filebeat	4	1871	November 11, 2020
Override index name while using the inbuilt filebeat modules Beats beats-module , filebeat	6	1041	August 10, 2020
Dynamic index name when using multiple filebeat instances Logstash	3	768	August 13, 2018
Different index name for different filebeat instances Beats filebeat	3	965	April 18, 2019

Dynamic filebeat index naming

Related topics