Filebat - Create a custom index on elasticsearch

jaderolyver · September 3, 2019, 12:04am

Please someone here understand what is happen with my config, my filebeat doenst create index with my custom name. When i run the command filebeat setup the filebeat communicate with my elastic and create a index default filebeat.

filebeat.inputs:

type: log
enabled: true
paths:
- /var/log/*.log

setup.template.enabled: false
setup.template.name: 'srvprod_beat'
setup.template.pattern: 'srvprod_beat-*'

output.elasticsearch:
hosts: ["srvelastic:9200"]
username: "user-elastic"
password: "MyPassWord"
index: 'srvprod_beat-%{[agent.version]}-%{+dd.MM.yyyy}'

My filebeat, elastic-cluster, kibana is 7.3 all Linux.

Anantha_Padmanabhan · September 11, 2019, 7:09pm

Even I too face similar issue, is there any better documentation or anyone who can help on setting a custom index name?

daniel_a · September 11, 2019, 9:49pm

I have the same issue. Did you fix it yet?

If you don't specify either an index template name nor its pattern name, you'll get an error (see below), but even if you do, the default template filebeat-7.3.1 is still getting loaded, why!

Exiting: setup.template.name and setup.template.pattern have to be set if index name is modified

Anantha_Padmanabhan · September 12, 2019, 7:02am

If i mention setup.template.name and setup.template.pattern i dont get any error but still my index name remains filebeat-version-date.

Himanshu_Rajput · September 12, 2019, 7:18am

Add the following configuration to filebeat
setup.ilm.enabled: false

daniel_a · September 12, 2019, 4:59pm

This line totally did the trick! Thanks!

daniel_a · September 12, 2019, 5:00pm

@Anantha_Padmanabhan It's not that, I had that setup already. It was setup.ilm.enabled: false

daniel_a · September 12, 2019, 6:22pm

@Anantha_Padmanabhan, it's a known issue

jaderolyver · September 12, 2019, 6:44pm

Yep I did this but when you disable the ILM your filebeat doesn't auto create Lifecycle policy.

Anantha_Padmanabhan · September 13, 2019, 5:23am

yeah i too fixed it by doing the same temporarily..

daniel_a · September 13, 2019, 5:16pm

It's an open issue since April, 2019.

abhishek_kumar3 · September 24, 2019, 6:27am

@daniel_a Please use

.\filebeat.exe setup --index-management

This will set the index.

daniel_a · September 24, 2019, 7:30pm

@abhishek_kumar3 Do I still need to include setup.ilm.enabled: false? If not, this would solve the issue I think with not having ILM enabled, right?

abhishek_kumar3 · September 25, 2019, 7:10am

@daniel_a Yes, ilm is required once while setting up the index in the elastic search I think. For sending the data to a different index pattern, you may use that command I mentioned.

system · October 23, 2019, 7:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Create Index with filebeat Beats filebeat	15	11693	February 22, 2020
Filebeat 7.5.1 Missing a step for custom index names config? Beats filebeat	3	905	February 12, 2020
Unable to do `filebeat setup ...` for custom `filebeat` index name Beats filebeat	2	422	February 17, 2022
I can't redirect output to a custom index Beats filebeat	4	565	October 10, 2019
Custom filebeat index - same index name but diferent template Beats filebeat	6	807	March 30, 2020

Filebat - Create a custom index on elasticsearch

Related topics