Elasticsearch Indexing

Hi Team,

I am using the ELK stack along with Filebeat for a monitoring project. Currently, Filebeat is collecting logs from a specific directory, and the log files follow a defined naming pattern.

We also perform weekly backups. As part of a directory restructuring effort, we are planning to move the log files to a new directory while keeping everything else unchanged, including the file naming convention.

My question is: after moving the directory, Filebeat may create new indices. However, we would like to continue using the existing (old) indices since the data structure and log format will remain the same.

Can anyone please help me with this ?

Thanks.

index names are determined solely by your filebeat.yml output configuration or ILM/index template settings, not by file paths.
Your existing indices will continue to be used without any change.

The real risk to watch out for is duplicate document ingestion, which can occur if Filebeat loses registry tracking of the moved files and re-reads them from the beginning.
To prevent this, stop Filebeat before moving, use mv within the same filesystem to preserve inodes, then update the path in filebeat.yml before restarting.