I have been editing the file /usr/share/logstash/modules/netflow/configuration/elasticsearch/netflow.json and even changed the meta version among other fields. Problem is that when I call
sudo systemctl stop logstash.service
curl -XDELETE 'localhost:9200/netflow-*?pretty'
and then
sudo systemctl start logstash.service
The netflow-* index is created but the configuration is the default one. Even the version says 5.5 when I have changed it to 5.6 (all of my installation is updated to 5.6 versions and I am running SELKS).
What I am doing wrong?