Elasticsearch get logs via filebeats shipper default settings. All custom index settings were configured on /etc/filebeats/filebeats.yml file. This is my configuration file:
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["host-ip:9200"]
protocol: "https"
index: "samba-%{[agent.hostname]}-%{[agent.version]}-%{+dd.MM.yyyy}"
# Authentication credentials - either API key or username/password.
username: "elastic"
password: "password"
ssl:
enabled: true
certificate_authorities:
- |
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
setup.template:
name: "samba"
pattern: "samba-%{[agent.version]}"
overwrite: true
setup.ilm.enabled: false
When the filebeat setup command was run, "no matching index template found for data stream [samba]" exception was thrown, although this custom index template was created on ELK . After start the filebeat service, all logs were collected on default index (.ds-filebeat-8.6.2-2023.03.09-000001). How can i fix this?