Filebeat Index Issue - template pattern / name

kvch · June 1, 2018, 10:40am

Your config seems to be incorrect. setup.template.* should not go under output.elasticsearch. It stands in the root of the config, as seen here:

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["192.168.1.199:9200"]
  index: "desktop-%{[beat.version]}-%{+yyyy.MM.dd}"
  indices:
    - index: "critical-%{[beat.version]}-%{+yyyy.MM.dd}"
      when.contains:
        message: "CRITICAL"
    - index: "error-%{[beat.version]}-%{+yyyy.MM.dd}"
      when.contains:
        message: "ERR"

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  username: "elastic"
  password: "blah"

  timeout: 180
  bulk_max_size: 2

setup.template.name: "desktop"
setup.template.pattern: "desktop-*"

Topic		Replies	Views
Unable to change index name for Filebeat Beats filebeat	3	19652	April 5, 2018
Create Index with filebeat Beats filebeat	15	11694	February 22, 2020
Set index in filebeat Beats filebeat	3	332	February 28, 2020
ERROR instance/beat.go:906 Вопросы на русском языке	3	924	July 27, 2020
Filebeat 7.3.1 - Exiting: setup.template.name and setup.template.pattern have to be set if index name is modified Beats	3	1671	April 2, 2021

Filebeat Index Issue - template pattern / name

Related topics