Filebeat custom index name without logstash

pranay_sankpal · December 21, 2018, 6:21pm

I want to change name of the index.

https://www.elastic.co/guide/en/beats/filebeat/current/elasticsearch-output.html#index-option-es
I'm referring above link. following is the filebeat.yml file. I'm not seeing any index in kibana.

 filebeat.inputs:
    - type: log
      paths:
        - /var/www/myapp/**/runtime/debug/*.data
      fields:
        log_type: debugdata

      tags: ["myapp-logs"]
      json.keys_under_root: true
      json.add_error_key: true
      json.message_key: log

    setup.template.name: "debugdata"
    setup.template.pattern: "debugdata-*"

    cloud.id: ${ELASTIC_CLOUD_ID}
    cloud.auth: ${ELASTIC_CLOUD_AUTH}

    output.elasticsearch:
      hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
      username: ${ELASTICSEARCH_USERNAME}
      password: ${ELASTICSEARCH_PASSWORD}
      index: "%{[fields.log_type]}-%{[beat.version]}-%{+yyyy.MM.dd}"

Attached is the list of indices.

what changes do i need to make to create custom index name.?
Expecting debugdata-7.0.0-alpha1-2018-20-21

rayl7786 · December 21, 2018, 6:35pm

Wouldn't you need to specify the index name under the ES output?

output.elasticsearch:
hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
username: ${ELASTICSEARCH_USERNAME}
password: ${ELASTICSEARCH_PASSWORD}
index: "debugdata-%{[beat.version]}-%{+yyyy.MM.dd}"

pranay_sankpal · December 21, 2018, 6:38pm

I couldn't get what you are trying to explain. It's under ES output, right? Can you show the example?

rayl7786 · December 21, 2018, 7:37pm

Sorry, I misread your filebeat.yml file. I now see you have added a custom field and are calling that field to be used for the index name. To me everything looks good in the config, not sure if you need to set it to overwrite the existing template

setup.template.overwrite: true

pranay_sankpal · December 22, 2018, 3:18am

@rayi7786 tried setting setup.template.overwrite: true, no luck with it. Is there a way to debug the issue?

pranay_sankpal · December 23, 2018, 8:22am

Any suggestions?

pranay_sankpal · December 25, 2018, 8:27am

@Christian_Dahlqvist sir, could you please help here?

steffens · December 27, 2018, 2:37pm

The indentation looks off.

filebeat.inputs:
    - type: log
      paths:
        - /var/www/myapp/**/runtime/debug/*.data
      fields:
        log_type: debugdata

      tags: ["myapp-logs"]
      
      json.keys_under_root: true
      json.add_error_key: true
      json.message_key: log

setup.template.name: "debugdata"
setup.template.pattern: "debugdata-*"

cloud.id: ${ELASTIC_CLOUD_ID}
cloud.auth: ${ELASTIC_CLOUD_AUTH}

output.elasticsearch:
  hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
  username: ${ELASTICSEARCH_USERNAME}
  password: ${ELASTICSEARCH_PASSWORD}
  index: "%{[fields.log_type]}-%{[beat.version]}-%{+yyyy.MM.dd}"

fixing the indentation I think it should work.

system · January 24, 2019, 2:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to create a new filebeat index with a custom name? Beats filebeat	4	19001	October 19, 2016
Cannot create custom filebeat index Beats filebeat	1	396	March 24, 2020
Custom Index Name for FileBeat Beats filebeat	3	1759	October 28, 2019
Can't modify the default index name Beats filebeat	2	1854	August 8, 2019
Custom index not getting created in Kibana Kibana	6	234	December 25, 2023

Filebeat custom index name without logstash

Related topics