Filebeat with netflow module: independent index problem

robertitox · June 24, 2020, 11:29pm

Hi people, I enable netflow module in filebeat, and in filebeat.yml file I put this lines:
output.elasticsearch:
hosts: ["siemtest.provincianet.com.ar:9200"]
protocol: "http"
username: "elastic"
password: "xxx"
indices:

index: "filebeat-netflow-%{+yyyy.MM.dd}"
when.equals:
event.module: "netflow"
index: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"
whe.not.equals:
event.module: "netflow"

I wanted to put every netflow data in one filebeat index and the other data in another index.

After executing "filebeat setup" and "service filebeat start", I go to "Index Management" --> filebeat-*, and I see a message telling that I have to reindex because there are some fields with different defined type along several indexes.

Have I proceed in a corect way?

How can I do to have netflow data in a index an the other data in another index (default)???

Thanks a lot!!!

Kaiyan_Sheng · June 25, 2020, 12:52am

Hello! Can you run two Filebeats, one with netflow module enabled and the other with other modules that you are using? Then for each Filebeat, in filebeat.yml configure output.elasticsearch with specified index. For example: https://www.elastic.co/guide/en/beats/filebeat/current/elasticsearch-output.html#index-option-es

system · July 23, 2020, 2:52am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Index for NETFLOW Filebeat module Beats	1	262	November 27, 2019
Newbie qn: ingesting netflow Beats filebeat	2	260	September 29, 2021
Unable to upload netflow data to Elasticsearch with filebeat netflow module Beats filebeat	9	2712	February 24, 2020
Filebeat netflow module multiple host Beats	1	446	December 20, 2019
Logstash Index Name as "%{[@metadata][beat]}-%{[@metadata][version]}" Logstash	2	3782	July 3, 2019

Filebeat with netflow module: independent index problem

Related topics