Hello - I am trying to extend my Elastic Stack to include my pfSense logs. Right now Logstash is working with the Beats setup and I have Filebeat on all my instances. I have added my new inputs for syslog and logs are coming in, but the index names are funky due to what I am guessing is them not having the arguments replaced. Here is the new syslog index name:
%{[@metadata][beat]}-2018.09.09
Below is my output config, which came from the Elastic website documentation on setting up Logstash and Filebeat.
output {
  elasticsearch {
    hosts => "es.prasket.home"
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
  }
}
Any tips or suggestions on how to get the index names to be meaningful while using Filebeat?
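
An added example, not part of the original post: Logstash leaves a `%{...}` reference in place when the field does not exist on the event, and only the beats input populates `[@metadata][beat]`, so events from a syslog input keep the literal text in the index name. One way to handle both sources is to branch on that field in the output; the `pfsense` index prefix below is an assumed name, and the host is the one from the post.

```logstash
output {
  if [@metadata][beat] {
    # Event arrived through the beats input, which sets [@metadata][beat]
    # (for example "filebeat"), so the original index pattern resolves.
    elasticsearch {
      hosts => "es.prasket.home"
      index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    }
  } else {
    # Event arrived through the syslog input: [@metadata][beat] is absent,
    # so a fixed prefix is used instead. "pfsense" is an assumed name.
    elasticsearch {
      hosts => "es.prasket.home"
      index => "pfsense-%{+YYYY.MM.dd}"
    }
  }
}
```

The configuration can be syntax-checked before a restart with Logstash's `--config.test_and_exit` option.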