BTW, you can also do this by sending directly from Filebeat to Elasticsearch, and you will still get all the benefits I mentioned above.
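# Filebeat ships straight to Elasticsearch (no Logstash hop). The target index
# name is assembled from the three data_stream.* fields set on the input.
# Nesting is restored here: with every line flush-left, id, paths, fields,
# hosts and index are not children of their intended parent keys.
filebeat.inputs:
  - type: filestream
    id: my-filestream-id
    enabled: true
    paths:
      - /var/log/*.log
    # Place the custom fields at the top level of each event instead of under
    # a "fields" sub-object; the index format string below references them
    # by their top-level names.
    fields_under_root: true
    fields:
      data_stream.type: logs
      data_stream.dataset: system_log
      data_stream.namespace: default

# Filebeat's own ILM and index-template setup are switched off.
# NOTE(review): presumably a matching index template already exists on the
# cluster for the resulting index name; confirm before relying on this.
setup.ilm.enabled: false
setup.template.enabled: false
# setup.template.settings:
#   index.number_of_shards: 1

# Left empty, as in the original post: no Kibana settings are given.
setup.kibana:

output.elasticsearch:
  # NOTE(review): plain HTTP with no credentials only fits a local test node.
  # For anything reachable over a network, use an https:// host, set api_key
  # (or username/password) on this output, and point
  # ssl.certificate_authorities at the cluster CA so /var/log content is not
  # sent in clear text to an unauthenticated endpoint.
  hosts: ["http://localhost:9200"]
  index: "%{[data_stream.type]}-%{[data_stream.dataset]}-%{[data_stream.namespace]}"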