Hey all, having quite a bit of trouble simply getting Filebeat to write to an index with a customized name. Filebeat is v6.5.4, Elasticsearch is v6.8.5.
According to this, all you need to supply are 3 fields:
- elasticsearch.output.index
- setup.template.name
- setup.template.pattern
This does not seem to work as evidenced by running Filebeat with debug (filebeat -e -d "*"):
2021-08-03T05:47:34.255Z DEBUG [elasticsearch] elasticsearch/client.go:321 PublishEvents: 4 events have been published to elasticsearch in 3.409569ms.
2021-08-03T05:47:34.255Z DEBUG [elasticsearch] elasticsearch/client.go:526 Bulk item insert failed (i=0, status=500): {"type":"string_index_out_of_bounds_exception","reason":"String index out of range: 0"}
My configs are:
filebeat.inputs:
- type: docker
containers:
ids: "*"
setup.template.name: "customname"
setup.template.pattern: "customname-*"
filebeat.config.modules:
reload.enabled: false
setup.template.settings:
index.number_of_shards: 1
setup.kibana:
output.elasticsearch:
hosts: [<endpoint>]
index: "customname-%{[agent.version]}-%{+yyyy.MM.dd}"
<auth>
processors:
- add_host_metadata: ~
- add_cloud_metadata: ~
Does anyone know how to progress from here? The advice given by the docs don't seem to work as expected.
Setting the additional following config has the same outcome:
setup.ilm.enabled = false