I'm using filebeat to read log files that are not supported out of the box, for elasticsearch indexing.
The thing is that I get 1000+ field mappings that appear to be coming from default filebeat modules (apache, nginx, system, docker, etc.), and they only get in the way.
I've tried to reference a custom fields.yml file in filebeat.yml config, but it doesn't seem to make a difference. I'm still getting all those mappings. All the filebeat modules are disabled by default, so their state is also irrelevant.
Any hint is much appreciated.
There are various settings that will let you use a custom index template, overwrite an existing template, or turn off template management so you can set them up manually -- see the docs here for details
Thanks. My specific problem was with setup.template.fields: "path/to/fields.yml" that seemed to make no difference at all.
I've added custom file, and I still got all fields from the default fields.yml in my index.
But I already figured out to turn it off completely, and I choose to do that instead.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.