Hi
I am trying to configure the filebeat to output to Elasticsearch cloud using the following index templates definition inside filebeat.yml. The issue that I encountered is that I do not see the new indexe template (tasdk-warning-* and tasdk-info-) inside the "Index Management" section. I can see only one index template (tasdklog-) and I can create a custom index out of this index template.
I would like to find out what else that I need to configure inside the filebeat.yml to have more than 1 index. I follow the example from the following link:
https://www.elastic.co/guide/en/beats/filebeat/current/elasticsearch-output.html
extract from filebeat.yml:
#==================== Elasticsearch template setting ==========================
setup.template.enabled: true
setup.template.name: "tasdklog"
#setup.template.fields: "tasdkfields.yml"
setup.template.pattern: "tasdklog-*"
setup.template.overwrite: true
#setup.ilm.enabled: false
setup.ilm.enabled: true
setup.ilm.rollover_alias: "tasdklog"
setup.ilm.pattern: "{now/d{MM.dd.yyyy|America/New_York}}-000001"
setup.ilm.policy_name: "HungLeLogPolicy"
#setup.ilm.policy_file: "/Users/hungl/TEST_LOG/tasdklog.ilm.policy.json"
setup.ilm.overwrite: true
setup.template.settings:
index.number_of_shards: 3
index.number_of_replicas: 3
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
Array of hosts to connect to.
hosts: ["localhost:9200"]
hosts: ["http://eb9cb3db48b04209bd7eb3bc2f843ee0.us-west-1.aws.found.io:9200"]
index: "tasdklog-%{[agent.version]}-%{+yyyy.MM.dd}"
indices:
- index: "tasdk-warning-%{[agent.version]}-%{+yyyy.MM.dd}"
when.contains:
messages: "WARNING"
- index: "tasdk-info-%{[agent.version]}-%{+yyyy.MM.dd}"
when.contains:
messages: "INFO"
protocol: "http"
username: "elastic"
password: "UrVohVEDJKF94hNarlk4N83L"
pipeline: "testgrok"