I'm using filebeats to ship application logs from a server with index name created "iis_logs". I want to create a single index as "iis_logs" in elastic search but its creating new indexes daily adding the date to the index(like iis_logs-15-05-2017). Increase in the shards and indexes reducing the performance of the elastic search. Can you please suggest me is there any way I can do or the latest version filebeats does not have this issues.
Hi @dubul,
What version of filebeat are you using? Recent versions support index parameter as a template, allowing you to do what you want: https://www.elastic.co/guide/en/beats/filebeat/5.4/elasticsearch-output.html#_index
That is not a good idea. How do you manage retention?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.