@Marcin_Frankiewicz Huh!
I think I got it to work in 8.5.3 with a bit of a workaround / hack using normal indices (not data streams)... and no logstash...
You will need to manually set up your index template etc. as a normal index / not a data stream... and leave in those settings below so you can write to an index name, not a data stream.
Then strangely this all works pretty simply because the logic in that bug is fixed... @metadata._id
plus metadata.op_type: "index"
This worked! It updated the Doc in Place!
```yaml
filebeat.inputs:
- type: filestream
  # Unique ID among all inputs, an ID is required.
  id: my-filestream-id
  # Change to true to enable this input configuration.
  enabled: true
  paths:
    - "/Users/sbrown/workspace/customers/onsemi/sample-data/catalina.out"

processors:
  - fingerprint:
      fields: ["message"]
      target_field: "@metadata._id"
      method: "sha1"
  - add_fields:
      target: "@metadata"
      fields:
        op_type: "index"

setup.template.settings:
  index.number_of_shards: 1

setup.kibana:

output.elasticsearch:
  hosts: ["localhost:9200"]
  index: "customname-index"

setup.ilm.enabled: false
setup.template.enabled: true
setup.template.name: "customname"
setup.template.pattern: "customname-*"
```
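
An added example, not part of the original post: a small Python model of what a content-derived `_id` does under `op_type: "index"` versus `"create"`, and of how fingerprinting only `message` also merges distinct lines that happen to be identical (repeated stack frames, for instance). The events, the `offset` field name and the hash input encoding are assumptions made for the illustration; the encoding is not Filebeat's exact serialization.

```python
import hashlib

# Constructed events (not from the post): (byte offset, message). The last
# entry is a replay of the first, as after a registry reset or re-ship.
FRAME = "\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(...)"
EVENTS = [
    {"offset": 0,   "message": "10:00:01 SEVERE [exec-1] Servlet.service() threw exception"},
    {"offset": 60,  "message": FRAME},
    {"offset": 130, "message": "10:00:07 SEVERE [exec-3] Servlet.service() threw exception"},
    {"offset": 190, "message": FRAME},
    {"offset": 0,   "message": "10:00:01 SEVERE [exec-1] Servlet.service() threw exception"},
]

def doc_id(event, fields):
    """SHA-1 over the chosen fields (simplified; not Filebeat's exact encoding)."""
    h = hashlib.sha1()
    for name in sorted(fields):
        h.update(f"|{name}|{event[name]}".encode())
    return h.hexdigest()

def simulate(events, fields, op_type):
    """Model _id handling: 'index' overwrites, 'create' rejects an existing _id."""
    store, rejected = {}, 0
    for ev in events:
        _id = doc_id(ev, fields)
        if _id in store and op_type == "create":
            rejected += 1          # Elasticsearch answers 409 version conflict
            continue
        version = store[_id]["version"] + 1 if _id in store else 1
        store[_id] = {"version": version, "source": ev}
    return store, rejected

def summary(fields, op_type):
    """Return (documents stored, overwrites, rejected writes)."""
    store, rejected = simulate(EVENTS, fields, op_type)
    overwritten = sum(d["version"] - 1 for d in store.values())
    return len(store), overwritten, rejected

if __name__ == "__main__":
    for fields, op in ((["message"], "index"), (["message", "offset"], "index"),
                       (["message"], "create")):
        print(fields, op, "docs/overwritten/rejected =", summary(fields, op))
```

With `message` alone, the second stack frame overwrites the first as well as the replay overwriting its original; adding a position-like field keeps the two frames apart while the replay still updates in place.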