Hello, checked the documents, i am still not able to update elasticsearch output index. i want to add a log type on it. But it keeps giving me the default one.
Here is my conf,
filebeat.inputs:
- type: log
# change to true to enable this input configuration.
enabled: true
# paths that should be crawled and fetched. glob based paths.
paths:
- /users/george/downloads/jslog1.log
json.keys_under_root: true
json.add_error_key: true
json.message_key: log
#- c:\programdata\elasticsearch\logs\*
fields:
level: debug
review: 1
log_type: nodeerror
filebeat.config.modules:
# glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml
# set to true to enable config reloading
reload.enabled: false
#==================== elasticsearch template setting ==========================
setup.template.name: "filebeat"
setup.template.pattern: "filebeat-*"
setup.template.settings:
index.number_of_shards: 1
output.elasticsearch:
# array of hosts to connect to.
hosts: ["localhost:9200"]
index: "%{[fields.log_type]}-%{[agent.version]}-%{+yyyy.mm.dd}"
processors:
- add_host_metadata: ~
- add_cloud_metadata: ~
In the filebeat output log i noticed that it says "Set setup.template.name to '{filebeat-7.0.0 {now/d}-000001}' as ILM is enabled." This is default one. why???
Do I have to create a new customized templates to change the index?
Thanks!