Filebat - Create a custom index on elasticsearch

jaderolyver · September 3, 2019, 12:04am

Please someone here understand what is happen with my config, my filebeat doenst create index with my custom name. When i run the command filebeat setup the filebeat communicate with my elastic and create a index default filebeat.

filebeat.inputs:

type: log
enabled: true
paths:
- /var/log/*.log

setup.template.enabled: false
setup.template.name: 'srvprod_beat'
setup.template.pattern: 'srvprod_beat-*'

output.elasticsearch:
hosts: ["srvelastic:9200"]
username: "user-elastic"
password: "MyPassWord"
index: 'srvprod_beat-%{[agent.version]}-%{+dd.MM.yyyy}'

My filebeat, elastic-cluster, kibana is 7.3 all Linux.

Anantha_Padmanabhan · September 11, 2019, 7:09pm

Even I too face similar issue, is there any better documentation or anyone who can help on setting a custom index name?

daniel_a · September 11, 2019, 9:49pm

I have the same issue. Did you fix it yet?

If you don't specify either an index template name nor its pattern name, you'll get an error (see below), but even if you do, the default template filebeat-7.3.1 is still getting loaded, why!

Exiting: setup.template.name and setup.template.pattern have to be set if index name is modified

Anantha_Padmanabhan · September 12, 2019, 7:02am

If i mention setup.template.name and setup.template.pattern i dont get any error but still my index name remains filebeat-version-date.

Himanshu_Rajput · September 12, 2019, 7:18am

Add the following configuration to filebeat
setup.ilm.enabled: false

daniel_a · September 12, 2019, 4:59pm

This line totally did the trick! Thanks!

daniel_a · September 12, 2019, 5:00pm

@Anantha_Padmanabhan It's not that, I had that setup already. It was setup.ilm.enabled: false

daniel_a · September 12, 2019, 6:22pm

@Anantha_Padmanabhan, it's a known issue

jaderolyver · September 12, 2019, 6:44pm

Yep I did this but when you disable the ILM your filebeat doesn't auto create Lifecycle policy.

Anantha_Padmanabhan · September 13, 2019, 5:23am

yeah i too fixed it by doing the same temporarily..

daniel_a · September 13, 2019, 5:16pm

It's an open issue since April, 2019.

abhishek_kumar3 · September 24, 2019, 6:27am

@daniel_a Please use

.\filebeat.exe setup --index-management

This will set the index.

daniel_a · September 24, 2019, 7:30pm

@abhishek_kumar3 Do I still need to include setup.ilm.enabled: false? If not, this would solve the issue I think with not having ILM enabled, right?

abhishek_kumar3 · September 25, 2019, 7:10am

@daniel_a Yes, ilm is required once while setting up the index in the elastic search I think. For sending the data to a different index pattern, you may use that command I mentioned.

system · October 23, 2019, 7:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Create Index with filebeat Beats filebeat	15	11651	February 22, 2020
Custom Index Name for FileBeat Beats filebeat	3	1757	October 28, 2019
Setup.template.name not work Beats filebeat	2	343	August 30, 2022
Filebeat Index Issue - template pattern / name Beats filebeat	3	17174	June 29, 2018
Filebeat is unable to create custom index Beats filebeat	12	1116	February 8, 2023

Filebat - Create a custom index on elasticsearch

Related Topics