Filebeat with netflow module: independent index problem

robertitox · June 24, 2020, 11:29pm

Hi people, I enable netflow module in filebeat, and in filebeat.yml file I put this lines:
output.elasticsearch:
hosts: ["siemtest.provincianet.com.ar:9200"]
protocol: "http"
username: "elastic"
password: "xxx"
indices:

index: "filebeat-netflow-%{+yyyy.MM.dd}"
when.equals:
event.module: "netflow"
index: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"
whe.not.equals:
event.module: "netflow"

I wanted to put every netflow data in one filebeat index and the other data in another index.

After executing "filebeat setup" and "service filebeat start", I go to "Index Management" --> filebeat-*, and I see a message telling that I have to reindex because there are some fields with different defined type along several indexes.

Have I proceed in a corect way?

How can I do to have netflow data in a index an the other data in another index (default)???

Thanks a lot!!!

Kaiyan_Sheng · June 25, 2020, 12:52am

Hello! Can you run two Filebeats, one with netflow module enabled and the other with other modules that you are using? Then for each Filebeat, in filebeat.yml configure output.elasticsearch with specified index. For example: https://www.elastic.co/guide/en/beats/filebeat/current/elasticsearch-output.html#index-option-es

system · July 23, 2020, 2:52am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Newbie qn: ingesting netflow Beats filebeat	2	260	September 29, 2021
Filebeat netflow module multiple host Beats	1	446	December 20, 2019
Logstash Index Name as "%{[@metadata][beat]}-%{[@metadata][version]}" Logstash	2	3759	July 3, 2019
Filebeat multiple sources netflow module Beats beats-module , filebeat	3	502	August 6, 2020
One index/index template per module Beats beats-module , filebeat	1	393	February 16, 2022

Filebeat with netflow module: independent index problem

Related Topics